What is CVE-2026-47208?

CVE-2026-47208 is a critical-severity vulnerability, classified under Improper Control of Dynamically-Managed Code Resources. CVSS score: 10.0/10. Published 2026-06-12.

How severe is CVE-2026-47208?

Critical severity. CVSS v3 base score is 10.0 out of 10.

CVE-2026-47208

CVE-2026-47208

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host…

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Weakness classification (CWE)

CWE-913 — Improper Control of Dynamically-Managed Code Resources

References

security-advisories@github.com
security-advisories@github.com
security-advisories@github.com

Frequently asked questions

What is CVE-2026-47208?: CVE-2026-47208 is a critical-severity vulnerability, classified under Improper Control of Dynamically-Managed Code Resources. CVSS score: 10.0/10. Published 2026-06-12.
How severe is CVE-2026-47208?: Critical severity. CVSS v3 base score is 10.0 out of 10.