CVE-2026-47139
CVE-2026-47139
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, a…
CVSS v3 metric
CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2026-47139?
- CVE-2026-47139 is a high-severity vulnerability, classified under Protection Mechanism Failure. CVSS score: 8.6/10. Published 2026-06-12.
- How severe is CVE-2026-47139?
- High severity. CVSS v3 base score is 8.6 out of 10.