What is CVE-2026-47210?

CVE-2026-47210 is a critical-severity vulnerability, classified under Improper Control of Dynamically-Managed Code Resources. CVSS score: 9.8/10. Published 2026-06-12.

How severe is CVE-2026-47210?

Critical severity. CVSS v3 base score is 9.8 out of 10.

CVE-2026-47210

CVE-2026-47210

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAss…

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Weakness classification (CWE)

CWE-913 — Improper Control of Dynamically-Managed Code Resources

References

security-advisories@github.com
security-advisories@github.com
security-advisories@github.com

Frequently asked questions

What is CVE-2026-47210?: CVE-2026-47210 is a critical-severity vulnerability, classified under Improper Control of Dynamically-Managed Code Resources. CVSS score: 9.8/10. Published 2026-06-12.
How severe is CVE-2026-47210?: Critical severity. CVSS v3 base score is 9.8 out of 10.