Detect vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass in Elastic Security
Detects exploitation of CVE-2026-47210, a critical sandbox escape vulnerability in the npm vm2 library (versions <= 3.11.3). The vulnerability abuses the JavaScript Promise Integration (JSPI) mechanism and the Promise species pattern in .finally() to escape the vm2 sandbox and execute arbitrary code on the host. A public PoC exists and exploitation grants full host access with the privileges of the Node.js process.
MITRE ATT&CK
- Tactic
- Execution Privilege Escalation
Elastic Detection Query
sequence by host.name with maxspan=5m
[process where event.type == "start"
and process.name in ("node", "node.exe")
and (
process.command_line like~ "*vm2*"
or process.parent.command_line like~ "*vm2*"
)
] by process.entity_id
[process where event.type == "start"
and process.parent.name in ("node", "node.exe")
and process.name not in ("node", "node.exe", "npm", "npx")
and not process.executable like~ "/usr/bin/*"
and not process.executable like~ "C:\\Program Files\\*"
] by process.parent.entity_idEQL sequence rule detecting a Node.js process loading vm2 followed within 5 minutes by that same process spawning an unexpected child process — a primary indicator of sandbox escape exploitation.
Data Sources
Required Tables
False Positives & Tuning
- Legitimate vm2-based applications that intentionally manage child processes for parallelism
- Developer tooling using vm2 to isolate plugin execution while also using subprocess communication
- Node.js microservice frameworks embedding vm2 with inter-process communication components
- Custom build systems using vm2 for sandboxed task execution with legitimate process spawning
Other platforms for CVE-2026-47210
Testing Methodology
Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.
- Test 1vm2 JSPI Species Bypass — Host Process Execution via Promise.finally
Expected signal: Process creation event: node spawning child process (sh -c 'id > /tmp/vm2_escape_test.txt') or direct execSync call visible in process audit logs. File creation event for /tmp/vm2_escape_test.txt by the node process.
- Test 2vm2 Sandbox Escape — Environment Variable Exfiltration
Expected signal: Node.js process accessing environment variables in a vm2 run context. Application-layer logging may show unexpected JSON serialization of env object. No child process is spawned, so EDR process-tree signals may not fire — rely on vm2 audit logging if enabled.
- Test 3vm2 Version Audit and Vulnerable Instance Discovery
Expected signal: Process creation events for find and node commands reading package.json files. File access events on node_modules directories. No malicious activity — this is a discovery/audit test.
- Test 4vm2 Sandbox Escape on Windows — Host Command Execution via species bypass
Expected signal: Windows Security Event Log (Event ID 4688) showing node.exe creating a child process (cmd.exe or conhost.exe). EDR telemetry showing process tree: node.exe -> cmd.exe with whoami command. File creation event for C:\Temp\vm2_escape.txt.
References (5)
- https://github.com/patriksimek/vm2/security/advisories/GHSA-6j2x-vhqr-qr7q
- https://github.com/patriksimek/vm2/commit/6915fa4d9bcebd47b9a4f39a1adc1aa94ef6ffc6
- https://github.com/patriksimek/vm2/releases/tag/v3.11.4
- https://nvd.nist.gov/vuln/detail/CVE-2026-47210
- https://github.com/advisories/GHSA-6j2x-vhqr-qr7q
Unlock Pro Content
Get the full detection package for CVE-2026-47210 including response playbook, investigation guide, and atomic red team tests.