Which SIEM platforms have a CVE-2026-47210 detection rule?

df00tech provides CVE-2026-47210 (vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass) detection queries for 7 SIEM platforms: Microsoft Sentinel / Defender, Splunk, Elastic Security (EQL), IBM QRadar (AQL), Sumo Logic CSE, Google Chronicle / SecOps, CrowdStrike LogScale (CQL).

What data sources are required to detect vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass (CVE-2026-47210)?

Detecting vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass requires the following data sources: Microsoft Defender for Endpoint, Microsoft Sentinel.

What severity and confidence is the CVE-2026-47210 detection?

The CVE-2026-47210 detection is rated critical severity with medium confidence.

What are common false positives for CVE-2026-47210?

Common false positives for CVE-2026-47210 include: Legitimate Node.js applications using vm2 for sandboxed script execution in development environments; Security researchers testing vm2-based sandboxes in lab environments; CI/CD pipelines running vm2-dependent test suites that spawn child processes legitimately.

CVE-2026-47210

vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass

Execution Privilege Escalation Last updated: June 21, 2026

Detects exploitation of CVE-2026-47210, a critical sandbox escape vulnerability in the npm vm2 library (versions <= 3.11.3). The vulnerability abuses the JavaScript Promise Integration (JSPI) mechanism and the Promise species pattern in .finally() to escape the vm2 sandbox and execute arbitrary code on the host. A public PoC exists and exploitation grants full host access with the privileges of the Node.js process.

Vulnerability Intelligence

Public PoC

CVE

CVE-2026-47210↗ NVD

Affected Software

Vendor: npm
Product: vm2
Versions: <= 3.11.3

Weakness (CWE)

CWE-913

Timeline

Disclosed: May 29, 2026

References & Proof of Concept

CVSS

9.8

Critical (9.0–10)

Read the write-up →

What is CVE-2026-47210 vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass?

vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass (CVE-2026-47210) maps to the Execution and Privilege Escalation tactics — the adversary is trying to run malicious code in MITRE ATT&CK.

This page provides production-ready detection logic for vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass, covering the data sources and telemetry it touches: Microsoft Defender for Endpoint, Microsoft Sentinel. The queries below are rated critical severity at medium confidence, and ship for 7 SIEM platforms — KQL, SPL, Elastic, QRadar, Sumo, YARA-L, LogScale.

MITRE ATT&CK

Tactic: Execution Privilege Escalation

Microsoft Sentinel / Defender

kusto

let suspiciousArgs = dynamic(['finally', 'species', 'Promise', 'constructor', 'process', 'require', 'child_process']);
union DeviceProcessEvents, DeviceNetworkEvents
| where Timestamp > ago(24h)
| where FileName in~ ('node', 'node.exe') or InitiatingProcessFileName in~ ('node', 'node.exe')
| extend CmdLower = tolower(ProcessCommandLine)
| where CmdLower has_any ('vm2', 'sandbox') 
    or (InitiatingProcessCommandLine has 'vm2' and CmdLower has_any ('exec', 'spawn', 'fork', 'require'))
| extend SuspiciousIndicators = array_length(set_intersect(dynamic(['vm2']), extract_all(@'(\w+)', CmdLower)))
| project Timestamp, DeviceName, AccountName, FileName, ProcessCommandLine, InitiatingProcessFileName, InitiatingProcessCommandLine, SHA256, FolderPath
| join kind=leftouter (
    DeviceFileEvents
    | where Timestamp > ago(24h)
    | where InitiatingProcessFileName in~ ('node', 'node.exe')
    | where FolderPath !startswith 'C:\\Program Files'
    | where FolderPath !startswith '/usr/'
    | project FileTimestamp=Timestamp, DeviceName, CreatedFilePath=FolderPath, InitiatingProcessFileName
) on DeviceName
| where isnotempty(DeviceName)
| summarize count(), FileCreations=countif(isnotempty(CreatedFilePath)), arg_max(Timestamp, *) by DeviceName, AccountName, ProcessCommandLine
| where count_ > 0

Detects Node.js processes associated with vm2 that subsequently spawn child processes or create files outside expected paths, indicative of a sandbox escape. Also correlates vm2 usage with unexpected process execution chains.

critical severity medium confidence

Data Sources

Microsoft Defender for Endpoint Microsoft Sentinel

Required Tables

DeviceProcessEvents DeviceNetworkEvents DeviceFileEvents

False Positives

Legitimate Node.js applications using vm2 for sandboxed script execution in development environments
Security researchers testing vm2-based sandboxes in lab environments
CI/CD pipelines running vm2-dependent test suites that spawn child processes legitimately
Node.js debuggers and profiling tools that attach to vm2-using processes

Google Chronicle / SecOps

yaral

rule cve_2026_47210_vm2_sandbox_escape {
  meta:
    author = "df00tech"
    description = "Detects vm2 sandbox escape via JSPI Promise.finally species bypass (CVE-2026-47210)"
    severity = "CRITICAL"
    priority = "HIGH"
    cve = "CVE-2026-47210"

  events:
    $node_proc.metadata.event_type = "PROCESS_LAUNCH"
    $node_proc.principal.process.file.full_path = /node/ nocase
    (
      $node_proc.target.process.command_line = /vm2/ nocase
      or $node_proc.principal.process.command_line = /vm2/ nocase
    )

    $child_proc.metadata.event_type = "PROCESS_LAUNCH"
    $child_proc.principal.process.file.full_path = /node/ nocase
    $child_proc.target.process.command_line = /(execSync|spawnSync|child_process|exec\()/ nocase
    not $child_proc.target.process.file.full_path = /\/usr\/bin\// nocase
    not $child_proc.target.process.file.full_path = /npm/ nocase

    $node_proc.principal.hostname = $child_proc.principal.hostname
    $node_proc.metadata.event_timestamp.seconds < $child_proc.metadata.event_timestamp.seconds
    ($child_proc.metadata.event_timestamp.seconds - $node_proc.metadata.event_timestamp.seconds) < 300

  condition:
    $node_proc and $child_proc
}

YARA-L 2.0 rule for Google Chronicle correlating a Node.js vm2 invocation with a subsequent child process execution call within 5 minutes on the same host, indicating sandbox escape exploitation.

critical severity high confidence

Data Sources

Google Chronicle Endpoint Telemetry (via Chronicle ingestion)

Required Tables

Process Launch Events (UDM)

False Positives

Applications that legitimately sandbox user scripts via vm2 and also manage worker processes for scaling
Node.js backend services using vm2 for plugin isolation that spawn helper binaries
Automated penetration testing or red team exercises targeting vm2 in authorized environments
Development environments where vm2-powered REPLs or code runners also invoke shell commands

Sigma rule & cross-platform mapping

The detection logic for vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass (CVE-2026-47210) above is provided in a vendor-neutral form so you can deploy it on any SIEM. The same logic is shipped here as native KQL (Microsoft Sentinel / Defender), SPL (Splunk), Elastic (Elastic Security (EQL)), QRadar (IBM QRadar (AQL)), Sumo (Sumo Logic CSE), YARA-L (Google Chronicle / SecOps), LogScale (CrowdStrike LogScale (CQL)) queries. In Sigma terms, this detection targets the following logsource:

logsource:
  category: process_creation
  product: windows

Browse the community-maintained Sigma rules for this technique:

SigmaHQ rules for CVE-2026-47210 Sigma rules on detection.fyi

Platform-specific guides for CVE-2026-47210

Detect in Microsoft Sentinel (KQL) Detect in Splunk (SPL) Detect in Elastic Security (Elastic) Detect in IBM QRadar (QRadar) Detect in Sumo Logic CSE (Sumo) Detect in Google Chronicle (YARA-L) Detect in CrowdStrike LogScale (LogScale)

Last updated: 2026-06-21 Research depth: standard

References (5)

Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

Test 1vm2 JSPI Species Bypass — Host Process Execution via Promise.finally
Expected signal: Process creation event: node spawning child process (sh -c 'id > /tmp/vm2_escape_test.txt') or direct execSync call visible in process audit logs. File creation event for /tmp/vm2_escape_test.txt by the node process.
Test 2vm2 Sandbox Escape — Environment Variable Exfiltration
Expected signal: Node.js process accessing environment variables in a vm2 run context. Application-layer logging may show unexpected JSON serialization of env object. No child process is spawned, so EDR process-tree signals may not fire — rely on vm2 audit logging if enabled.
Test 3vm2 Version Audit and Vulnerable Instance Discovery
Expected signal: Process creation events for find and node commands reading package.json files. File access events on node_modules directories. No malicious activity — this is a discovery/audit test.
Test 4vm2 Sandbox Escape on Windows — Host Command Execution via species bypass
Expected signal: Windows Security Event Log (Event ID 4688) showing node.exe creating a child process (cmd.exe or conhost.exe). EDR telemetry showing process tree: node.exe -> cmd.exe with whoami command. File creation event for C:\Temp\vm2_escape.txt.

Response Playbook

1. Examine the full command line and decode any Base64 content...
2. Identify the parent process chain and user context...
3. Check for concurrent network connections from the process...

Investigation Guide

Related techniques: T1027, T1105, T1562.001...
Forensic artifacts: PSReadLine history, Prefetch, ScriptBlock logs...

Atomic Red Team Tests

Test 1: Encoded command execution...
Test 2: Download cradle via Net.WebClient...

Unlock Pro Content

Get the full detection package for CVE-2026-47210 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance

Vulnerability Intelligence

CVE

Affected Software

Weakness (CWE)

Timeline

References & Proof of Concept

CVSS

What is CVE-2026-47210 vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass?

MITRE ATT&CK

Data Sources

Required Tables

False Positives

Data Sources

Required Sourcetypes

False Positives

Data Sources

Required Tables

False Positives

Data Sources

Required Tables

False Positives

Data Sources

Required Tables

False Positives

Data Sources

Required Tables

False Positives

Data Sources

Required Tables

False Positives

Sigma rule & cross-platform mapping

Platform-specific guides for CVE-2026-47210

Testing Methodology

Unlock Pro Content

Related Detections

Tactic Hubs

Related Techniques

Same Tactic: Execution

Popular Detections

Get new detections in your inbox