CVE-2026-44005
Published 2026-05-13. CVE-2026-44005: vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then…
Priority: P357 (critical)
CVSS 3.1 base score: 10, vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
EPSS: 0.84% (53.3rd percentile)
vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox. This vulnerability is fixed in 3.11.0.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| patriksimek | vm2 | — | — |
| rhdh | rhdh-hub-rhel9 | — | — |
| vm2_project | vm2 | >= 3.9.6 < 3.11.0 | 3.11.0 |
| vm2_project | vm2 | >= 3.9.6 < 3.11.0 | 3.11.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H |
| vendor_redhat | — | 10.0 | CRITICAL | — |
VulDB
patriksimek vm2 up to 3.10.x otherReflectSet/otherReflectDefineProperty prototype pollution (GHSA-vwrp-x96c-mhwq)
vuldb · 2026-05-13 · CVSS 10.0 · CVE-2026-44005 [CRITICAL]
A vulnerability was found in patriksimek vm2 up to 3.10.x. It has been declared as critical. Affected is the function otherReflectSet/otherReflectDefineProperty. Executing a manipulation can lead to improperly controlled modification of object prototype attributes.
This vulnerability is registered as CVE-2026-44005. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
GHSA
vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape
ghsa · 2026-05-07 · CVE-2026-44005 [CRITICAL] · CWE-1321
### Summary
vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox.
### Details
BaseHandler.apply() unwraps sandbox-controlled receivers and arguments with otherFromThis() / otherFromThisArguments() and then directly invokes the real host function with ret = otherReflectApply(object, context, args), so any default-exposed host function that can surface a prototype getter becomes a prototyp
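A host-side integrity check for the impact the advisory describes, added here as an example and not code from vm2 or the advisory: it snapshots the own-property descriptors of Object.prototype, Array.prototype and Function.prototype before an untrusted step runs and diffs them afterwards, so a write that crossed the bridge shows up as an added, removed or changed property. The runChecked() wrapper that takes the untrusted step as an in-process callback is an assumption made so the check runs stand-alone; the remediation the page gives is upgrading to 3.11.0.

```javascript
// Added example (not vm2's own code): detect writes that reached the host's shared
// intrinsic prototypes (CWE-1321). Assumption: the untrusted step is an in-process
// callback here so the check runs stand-alone; in a deployment it wraps the sandbox call.
const INTRINSICS = new Map([
  ['Object.prototype', Object.prototype],
  ['Array.prototype', Array.prototype],
  ['Function.prototype', Function.prototype],
]);

// Capture every own property (string and symbol keys) of each watched prototype.
function snapshotIntrinsics() {
  const snap = new Map();
  for (const [name, proto] of INTRINSICS) {
    const descs = new Map();
    for (const key of Reflect.ownKeys(proto)) {
      descs.set(key, Object.getOwnPropertyDescriptor(proto, key));
    }
    snap.set(name, descs);
  }
  return snap;
}

// Descriptors match when value/get/set are the same references and the attribute
// flags agree; a write that crossed the bridge changes at least one of these.
function sameDescriptor(a, b) {
  return a.value === b.value && a.get === b.get && a.set === b.set &&
    a.writable === b.writable && a.enumerable === b.enumerable &&
    a.configurable === b.configurable;
}

// Findings are {target, key, kind}; an empty list means no host prototype changed.
function diffIntrinsics(before, after) {
  const findings = [];
  for (const [name, oldDescs] of before) {
    const newDescs = after.get(name);
    for (const [key, d] of oldDescs) {
      if (!newDescs.has(key)) findings.push({ target: name, key: String(key), kind: 'removed' });
      else if (!sameDescriptor(d, newDescs.get(key))) findings.push({ target: name, key: String(key), kind: 'changed' });
    }
    for (const key of newDescs.keys()) {
      if (!oldDescs.has(key)) findings.push({ target: name, key: String(key), kind: 'added' });
    }
  }
  return findings;
}

// Run the untrusted step between two snapshots; a throwing step can still have polluted.
function runChecked(untrusted) {
  const before = snapshotIntrinsics();
  try { untrusted(); } catch (e) { /* report the diff regardless */ }
  return diffIntrinsics(before, snapshotIntrinsics());
}
```

Run this around each sandbox invocation in a test harness; any non-empty finding list means host intrinsics were modified and the process should be treated as compromised rather than reused.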
Red Hat
vm2: vm2: Sandbox Escape leading to Arbitrary Code Execution
vendor_redhat · 2026-05-13 · CVSS 10.0 · CVE-2026-44005 [CRITICAL] · CWE-653
A flaw was found in vm2 3.9.6 through 3.10.5. The VM bridge exposes mutable proxies for host intrinsic prototypes and forwards sandbox writes via otherReflectSet/otherReflectDefineProperty, allowing mutation of host Object.prototype, Array.pr
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-44005 vm2: vm2: Sandbox Escape leading to Arbitrary Code Execution
bugzilla · 2026-05-13 · CVSS 10.0 · CVE-2026-44005 [CRITICAL]
Hackernews
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
blogs_hackernews · 2026-05-07 · CVSS 10.0 · CVE-2026-24118 [CRITICAL]
## vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems.
vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host environment.
The security flaws are listed below -
CVE-2026-24118 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "__lookupGette
References
- https://github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq
- https://access.redhat.com/security/cve/CVE-2026-44005
- https://bugzilla.redhat.com/show_bug.cgi?id=2477205
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44005.json
Published: 2026-05-13