CVE-2026-44005

Published May 13, 2026

Last updated 16 days ago

CVSS critical 10.0

Overview

Description
vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox This vulnerability is fixed in 3.11.0.
Source
security-advisories@github.com
NVD status
Modified
Products
vm2

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
5.8
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-94

Social media

Hype score
Not currently trending

  1. šŸšØ CRITICAL: CVE-2026-44005 | CVSS 10.0 vm2 sandbox escape (v3.9.6-3.10.5) allows prototype pollution from inside Node.js sandboxes. Attackers can mutate host prototypes. āœ… Update to v3.11.0 immediately #CVE #Vulnerability #PatchNow https://t.co/upmVF4RYpI

    @DFIR_Lab

    28 May 2026

    36 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by the runtime and passed to the yield* iterator as the next value. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This vulnerability is fixed in 3.11.3.ā€¢CVE-2026-45411
  2. vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.ā€¢CVE-2026-44009
  3. vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects and get the host Function object. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This vulnerability is fixed in 3.11.2.ā€¢CVE-2026-44008
  4. vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration ā€” including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1.ā€¢CVE-2026-44007
  5. vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.ā€¢CVE-2026-44006

References

Sources include official advisories and independent security research.