CyberRota
← Ana sayfaya dön

CVE-2026-47135

HIGH · CVSS 8.7 EPSS %0.27 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-12T15:16:28.007 · Çekilme zamanı: 2026-06-30T12:18:11.556547+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com github.com github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-47135
Severity
HIGH
CVSS
8.7
EPSS
%0.27

Orijinal NVD Açıklaması

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox code can obtain real cross-realm symbols, write them to host objects, and control host-side behavior — verified with a full util.promisify hijack chain. This issue has been patched in version 3.11.4.