vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), and Node.js's ERR_INVALID_ARG_TYPE Error, the host's TypeError constructor can be obtained, which allows the escape from the sandbox. This allows attackers to run arbitrary code. This issue has been patched in version 3.11.4.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
vm2 is a popular Node.js sandbox designed to execute untrusted code in isolation. CVE-2026-47131 is a critical sandbox escape vulnerability (CVSS 10.0) that allows attackers to break out of the vm2 sandbox and execute arbitrary code on the host system. The vulnerability affects all versions prior to 3.11.4 and exploits a prototype pollution chain using Buffer methods combined with Node.js error handling to gain access to the host's TypeError constructor. This is particularly dangerous because organizations use vm2 to safely run third-party scripts, plugins, or user-submitted code—making this escape a direct path from code execution within a sandbox to full host compromise. Any application relying on vm2 for security isolation is at immediate risk.
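To check whether a project ships an affected copy, the following added example (not Casky's or the vm2 project's code) scans the `packages` map of a package-lock.json (lockfileVersion 2 or 3) for any vm2 below 3.11.4, including nested transitive copies. The sample lockfile and the package names `plugin-runner`, `legacy-eval` and `vm2-helper` are constructed for illustration.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3) for vm2 < 3.11.4.
const PATCHED = [3, 11, 4]; // fixed version stated in the advisory text

// Parse "major.minor.patch[-prerelease]" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when the version sorts before 3.11.4. Comparison is numeric per field,
// because a string compare would wrongly rank "3.9.19" above "3.11.4".
// Unparseable versions count as vulnerable so they get reviewed, not skipped.
function isVulnerable(version) {
  const p = parseVersion(version);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== PATCHED[i]) return p.nums[i] < PATCHED[i];
  }
  return p.pre; // e.g. 3.11.4-rc.1 precedes the 3.11.4 release
}

// Return every installed copy of vm2 that is below the patched version.
function findVulnerableVm2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match top-level and nested installs, but not names such as "vm2-helper".
    if (!/(^|\/)node_modules\/vm2$/.test(path)) continue;
    if (isVulnerable(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.11.4" },
    "node_modules/plugin-runner/node_modules/vm2": { version: "3.9.19" },
    "node_modules/legacy-eval/node_modules/vm2": { version: "3.11.4-rc.1" },
    "node_modules/vm2-helper": { version: "1.0.0" },
  },
};

for (const hit of findVulnerableVm2(sampleLock)) {
  console.log(`vulnerable vm2 ${hit.version} at ${hit.path}`);
}
```

A patched top-level vm2 does not clear the project: the nested copies under other packages are what this scan is for.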
While this CVE is not yet mapped to specific MITRE ATT&CK techniques, Casky's Claude-powered analysis would identify the attack chain as leveraging Privilege Escalation and Defense Evasion patterns. A practitioner using Casky would observe detection findings focused on suspicious object property access patterns, unusual prototype chain manipulation, and unexpected Error constructor references in sandboxed code. The platform's extended reasoning capabilities would flag the combination of Buffer.call.call() chains with __lookupGetter__/__lookupSetter__ methods as a high-confidence indicator of sandbox escape attempts. Security teams would see alerts highlighting attempts to access host constructors or modify prototype chains—signatures that should never appear in properly isolated environments—allowing them to identify exploitation attempts before sandbox breakout occurs.
Casky has 0 skills that investigate the attack patterns behind CVE-2026-47131. Run one and get CVSS-scored findings in 3 minutes.
© 2026 Casky.AI, Inc. · AI Security Investigation