EIP-2026-103821

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103821. PoCs published by Calil Khalil.

AI-analyzed exploit summary This exploit demonstrates a sandbox escape in vm2 by leveraging a Proxy handler to manipulate the error stack trace, ultimately achieving remote code execution (RCE) via child_process.execSync. The vulnerability arises from improper handling of Proxy objects in the vm2 sandbox environment.

Description

vm2 - sandbox escape

Exploits (1)

exploitdb WORKING POC

by Calil Khalil · clocalmultiple

https://www.exploit-db.com/exploits/51898

View Code ZIP pw:eip

This exploit demonstrates a sandbox escape in vm2 by leveraging a Proxy handler to manipulate the error stack trace, ultimately achieving remote code execution (RCE) via child_process.execSync. The vulnerability arises from improper handling of Proxy objects in the vm2 sandbox environment.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: vm2 <= 3.9.19

No auth needed

Prerequisites: Node.js environment with vm2 installed

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

vm2 - sandbox escape

Exploitation Summary

Description

Exploits (1)

Details