CVE-2026-47209
CVE-2026-47209
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specificat…
CVSS v3 metric
CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N.
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2026-47209?
- CVE-2026-47209 is a high-severity vulnerability, classified under Protection Mechanism Failure. CVSS score: 8.6/10. Published 2026-06-12.
- How severe is CVE-2026-47209?
- High severity. CVSS v3 base score is 8.6 out of 10.