Detect vm2 Sandbox Escape via JSPI-backed Promise .finally() Species Bypass in Sumo Logic CSE
Detects exploitation of CVE-2026-47210, a critical sandbox escape vulnerability in the npm vm2 library (versions <= 3.11.3). The vulnerability abuses the JavaScript Promise Integration (JSPI) mechanism and the Promise species pattern in .finally() to escape the vm2 sandbox and execute arbitrary code on the host. A public PoC exists and exploitation grants full host access with the privileges of the Node.js process.
MITRE ATT&CK
- Tactic
- Execution Privilege Escalation
Sumo Detection Query
_sourceCategory=endpoint/process OR _sourceCategory=audit/linux OR _sourceCategory=windows/security
| where _raw matches /node/
| parse regex field=_raw "(?<cmdline>(?:cmdline|command|cmd)=[^\n]+)" nodrop
| parse regex field=_raw "(?<parent_proc>(?:parent_process|ppid_name)=[^\n]+)" nodrop
| where cmdline matches /vm2/ or (parent_proc matches /node/ and cmdline matches /(?:execSync|spawnSync|child_process|exec\()/)
| eval vm2_hit = if(cmdline matches /vm2/, 1, 0)
| eval exec_hit = if(cmdline matches /(?:execSync|spawnSync|child_process)/, 1, 0)
| eval risk = vm2_hit + exec_hit
| where risk >= 1
| count by _sourceHost, cmdline, parent_proc, risk
| sort by risk desc
| where _count >= 1Sumo Logic query using regex parsing against endpoint and audit logs to surface Node.js processes executing vm2-related commands or child process APIs from a Node.js parent, suggesting potential sandbox escape activity.
Data Sources
Required Tables
False Positives & Tuning
- Multi-tenant SaaS platforms using vm2 to sandbox user-provided scripts with legitimate subprocess use
- Plugin-based Node.js applications where plugins use child_process for extension functionality
- Cloud functions or serverless runtimes embedding vm2 for code execution isolation
- DevOps automation tools using vm2 for sandboxed task execution alongside process spawning
Other platforms for CVE-2026-47210
Testing Methodology
Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.
- Test 1vm2 JSPI Species Bypass — Host Process Execution via Promise.finally
Expected signal: Process creation event: node spawning child process (sh -c 'id > /tmp/vm2_escape_test.txt') or direct execSync call visible in process audit logs. File creation event for /tmp/vm2_escape_test.txt by the node process.
- Test 2vm2 Sandbox Escape — Environment Variable Exfiltration
Expected signal: Node.js process accessing environment variables in a vm2 run context. Application-layer logging may show unexpected JSON serialization of env object. No child process is spawned, so EDR process-tree signals may not fire — rely on vm2 audit logging if enabled.
- Test 3vm2 Version Audit and Vulnerable Instance Discovery
Expected signal: Process creation events for find and node commands reading package.json files. File access events on node_modules directories. No malicious activity — this is a discovery/audit test.
- Test 4vm2 Sandbox Escape on Windows — Host Command Execution via species bypass
Expected signal: Windows Security Event Log (Event ID 4688) showing node.exe creating a child process (cmd.exe or conhost.exe). EDR telemetry showing process tree: node.exe -> cmd.exe with whoami command. File creation event for C:\Temp\vm2_escape.txt.
References (5)
- https://github.com/patriksimek/vm2/security/advisories/GHSA-6j2x-vhqr-qr7q
- https://github.com/patriksimek/vm2/commit/6915fa4d9bcebd47b9a4f39a1adc1aa94ef6ffc6
- https://github.com/patriksimek/vm2/releases/tag/v3.11.4
- https://nvd.nist.gov/vuln/detail/CVE-2026-47210
- https://github.com/advisories/GHSA-6j2x-vhqr-qr7q
Unlock Pro Content
Get the full detection package for CVE-2026-47210 including response playbook, investigation guide, and atomic red team tests.