Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-sxnb-dxuh-hfbt
Vulnerability ID VCID-sxnb-dxuh-hfbt
Aliases CVE-2026-47141
GHSA-9g8x-92q2-p28f
Summary NodeVM observability builtins leak host process and HTTP request data
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-668 Exposure of Resource to Wrong Sphere
System Score Found at
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2026-47141
epss 0.00084 https://api.first.org/data/v1/epss?cve=CVE-2026-47141
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-9g8x-92q2-p28f
cvssv4 4.6 https://github.com/patriksimek/vm2
generic_textual MODERATE https://github.com/patriksimek/vm2
cvssv4 4.6 https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb
cvssv4 6.9 https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb
generic_textual MODERATE https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb
ssvc Track https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb
cvssv4 4.6 https://github.com/patriksimek/vm2/releases/tag/v3.11.4
cvssv4 6.9 https://github.com/patriksimek/vm2/releases/tag/v3.11.4
generic_textual MODERATE https://github.com/patriksimek/vm2/releases/tag/v3.11.4
ssvc Track https://github.com/patriksimek/vm2/releases/tag/v3.11.4
cvssv3.1_qr MODERATE https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f
cvssv4 4.6 https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f
cvssv4 6.9 https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f
generic_textual MODERATE https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f
ssvc Track https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f
cvssv4 4.6 https://nvd.nist.gov/vuln/detail/CVE-2026-47141
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2026-47141
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-47141
https://github.com/patriksimek/vm2
https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb
https://github.com/patriksimek/vm2/releases/tag/v3.11.4
https://nvd.nist.gov/vuln/detail/CVE-2026-47141
GHSA-9g8x-92q2-p28f https://github.com/advisories/GHSA-9g8x-92q2-p28f
GHSA-9g8x-92q2-p28f https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U Found at https://github.com/patriksimek/vm2
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U Found at https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-13T03:08:58Z/ Found at https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U Found at https://github.com/patriksimek/vm2/releases/tag/v3.11.4
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/patriksimek/vm2/releases/tag/v3.11.4
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-13T03:08:58Z/ Found at https://github.com/patriksimek/vm2/releases/tag/v3.11.4
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U Found at https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-13T03:08:58Z/ Found at https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U Found at https://nvd.nist.gov/vuln/detail/CVE-2026-47141
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.12473
EPSS Score 0.0004
Published At June 13, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:38:55.201610+00:00 GHSA Importer Import https://github.com/advisories/GHSA-9g8x-92q2-p28f 38.6.0