# [CRIT] [GHSA / CRITICAL] CVE-2026-45411: vm2 Has a Sandbox Breakout Using Async Generator

**Source:** GitHub Security Advisories
**Published:** 2026-05-14
**Article:** https://github.com/advisories/GHSA-248r-7h7q-cr24

## Threat Profile

vm2 Has a Sandbox Breakout Using Async Generator

### Summary

VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.

### Details

It is possible to catch a host exception using the `yield*` expression inside an async generator. When the generator is closed using the `return` function, the value is awaited on and exceptions thrown in the `then` call will be caught by the run…

## Indicators of Compromise (high-fidelity only)

- **CVE:** `CVE-2026-45411`

## MITRE ATT&CK Techniques

- **T1190** — Exploit Public-Facing Application
- **T1059** — Command and Scripting Interpreter

## Kill chain phases observed

_(none detected from narrative keywords)_

## Recommended hunts

### Vulnerable vm2 npm package (<= 3.11.2) present on host — CVE-2026-45411

`UC_287_1` · phase: **weapon** · confidence: **High** · AI-generated for this article

**Splunk SPL (CIM):**
```spl
| tstats summariesonly=t count min(_time) as firstTime max(_time) as lastTime values(Filesystem.file_path) as paths
    from datamodel=Endpoint.Filesystem
    where (Filesystem.file_path="*\\node_modules\\vm2\\package.json" OR Filesystem.file_path="*/node_modules/vm2/package.json")
    by Filesystem.dest, Filesystem.user
| `drop_dm_object_name(Filesystem)`
| convert ctime(firstTime) ctime(lastTime)
```

**Defender KQL:**
```kql
let VulnByTvm = DeviceTvmSoftwareVulnerabilities
| where Timestamp > ago(7d)
| where CveId =~ "CVE-2026-45411"
| project Timestamp, DeviceId, DeviceName, SoftwareName, SoftwareVersion, CveId, Source="TVM";
let VulnByDisk = DeviceFileEvents
| where Timestamp > ago(30d)
| where FolderPath has @"\node_modules\vm2\" or FolderPath has "/node_modules/vm2/"
| where FileName =~ "package.json"
| project Timestamp, DeviceId, DeviceName, FolderPath, InitiatingProcessFileName, InitiatingProcessCommandLine, Source="DiskPath";
union VulnByTvm, VulnByDisk
| order by Timestamp desc
```

### Node.js process spawning shell or system utility — likely vm2 sandbox escape

`UC_287_2` · phase: **exploit** · confidence: **High** · AI-generated for this article

**Splunk SPL (CIM):**
```spl
| tstats summariesonly=t count min(_time) as firstTime max(_time) as lastTime values(Processes.process) as process_cmd values(Processes.parent_process) as parent_cmd
    from datamodel=Endpoint.Processes
    where Processes.parent_process_name IN ("node.exe","node")
      Processes.process_name IN ("cmd.exe","powershell.exe","pwsh.exe","bash.exe","sh.exe","wsl.exe","sh","bash","dash","zsh","touch","curl","wget","whoami","id","uname")
    by Processes.dest, Processes.user, Processes.parent_process_name, Processes.process_name
| `drop_dm_object_name(Processes)`
| convert ctime(firstTime) ctime(lastTime)
```

**Defender KQL:**
```kql
DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName in~ ("node.exe","node")
| where FileName in~ ("cmd.exe","powershell.exe","pwsh.exe","bash.exe","sh.exe","wsl.exe","sh","bash","dash","zsh","touch","curl","wget","whoami","id","uname")
| where AccountName !endswith "$"
| project Timestamp, DeviceName, AccountName, ParentImage = InitiatingProcessFolderPath, ParentCmd = InitiatingProcessCommandLine, ChildImage = FolderPath, ChildCmd = ProcessCommandLine, SHA256
| order by Timestamp desc
```
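
Both hunts above as host-side checks, given as an added Python example that is not part of the advisory, the vm2 project or this briefing's templates: one function flags a `node` parent spawning one of the listed shells or utilities (the UC_287_2 logic, machine accounts ending in `$` excluded as in the KQL), the other tests a `node_modules/vm2/package.json` against the `<= 3.11.2` bound from the UC_287_1 title. The event field names and all sample data are constructed; the version bound is only what the hunt title states.

```python
"""Host-side versions of the two vm2 hunts (added example, not from the advisory).

Assumptions: process events are dicts with parent_name/child_name/account keys, a
constructed stand-in for DeviceProcessEvents / Endpoint.Processes rows; the inclusive
vulnerable bound (3, 11, 2) is taken from the hunt title "<= 3.11.2".
"""
import json
import re

VULN_MAX = (3, 11, 2)  # inclusive upper bound stated in the UC_287_1 hunt title
NODE_PARENTS = {"node.exe", "node"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "bash.exe", "sh.exe", "wsl.exe",
                  "sh", "bash", "dash", "zsh", "touch", "curl", "wget", "whoami", "id", "uname"}


def parse_semver(version):
    """Return (major, minor, patch) from a package.json version string, ignoring any
    pre-release or build suffix; raises ValueError for non-semver strings."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"not a semver string: {version!r}")
    return tuple(int(x) for x in m.groups())


def vm2_package_is_vulnerable(package_json_text):
    """True when a node_modules/vm2/package.json describes a version <= VULN_MAX."""
    pkg = json.loads(package_json_text)
    if pkg.get("name") != "vm2":
        return False  # not the vm2 package at all
    return parse_semver(pkg["version"]) <= VULN_MAX


def suspicious_node_spawns(events):
    """UC_287_2 logic: node parent launching a shell/system utility, machine
    accounts (names ending in '$') excluded exactly as the KQL does."""
    return [ev for ev in events
            if ev["parent_name"].lower() in NODE_PARENTS
            and ev["child_name"].lower() in SHELL_CHILDREN
            and not ev["account"].endswith("$")]


# Constructed sample data for a stand-alone run (hypothetical hosts and accounts).
SAMPLE_EVENTS = [
    {"parent_name": "node", "child_name": "sh", "account": "svc-app", "cmd": "sh -c id"},
    {"parent_name": "node.exe", "child_name": "cmd.exe", "account": "HOST01$", "cmd": "cmd /c whoami"},
    {"parent_name": "nginx", "child_name": "sh", "account": "www-data", "cmd": "sh -c ls"},
    {"parent_name": "node", "child_name": "git", "account": "dev", "cmd": "git status"},
]
OLD_VM2 = '{"name": "vm2", "version": "3.9.19"}'      # constructed, within the bound
NEWER_VM2 = '{"name": "vm2", "version": "3.11.3"}'    # constructed, above the bound

if __name__ == "__main__":
    print(len(suspicious_node_spawns(SAMPLE_EVENTS)), "suspicious spawn(s)")
    print("old package vulnerable:", vm2_package_is_vulnerable(OLD_VM2))
```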

### IOC-driven hunts (use shared templates)

These are standard IOC-substitution hunts — the canonical SPL and KQL live once in [`_TEMPLATES.md`](../_TEMPLATES.md), so we don't repeat the same boilerplate on every CVE / hash / network-IOC briefing.

- **Asset exposure — vulnerability matches article CVE(s)** ([template](../_TEMPLATES.md#asset-exposure)) — phase: **recon**, confidence: **High**
  - CVE(s): `CVE-2026-45411`


## Why this matters

Severity classified as **CRIT** based on: CVE present, 3 use case(s) fired, 2 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.
