CVE-2026-44006
Published 2026-05-13
Priority P259 · critical · 10 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.81% (52.5th percentile)
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| patriksimek | vm2 | < 3.11.0 | 3.11.0 |
| rhdh | rhdh-hub-rhel9 | — | — |
| vm2_project | vm2 | < 3.11.0 | 3.11.0 |
| vm2_project | vm2 | >= 0 < 3.11.0 | 3.11.0 |
Detection & IOCs (extracted from sources)
- Sandboxed code attempts to access BaseHandler.getPrototypeOf to retrieve arbitrary prototypes, which is the core exploitation primitive for this sandbox escape
- Monitor for vm2 versions prior to 3.11.0 in Node.js environments; any execution of untrusted code in these versions may result in sandbox escape and host-level code execution
- Network-exposed services accepting user-supplied code for execution in vm2 sandboxes are at highest risk; the vulnerability is remotely exploitable with no authentication or user interaction required (CVSS AV:N/AC:L/PR:N/UI:N)
- Red Hat Developer Hub (rhdh/rhdh-hub-rhel9) and Self-service automation portal 2 (ansible-automation-platform/automation-portal) are listed as under investigation for this vulnerability; patch status is not yet confirmed for these packages
- The fix is exclusively in vm2 version 3.11.0; any deployment running vm2 < 3.11.0 that executes untrusted code remains fully exposed
CVSS provenance
nvd · v3.1 · 10.0 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
vendor_redhat · 10.0 · CRITICAL
VulDB
patriksimek vm2 up to 3.10.x BaseHandler.getPrototypeOf code injection (GHSA-qcp4-v2jj-fjx8)
vuldb·2026-05-13·CVSS 10.0
CVE-2026-44006 [CRITICAL] patriksimek vm2 up to 3.10.x BaseHandler.getPrototypeOf code injection (GHSA-qcp4-v2jj-fjx8)
A vulnerability identified as critical has been detected in patriksimek vm2 up to 3.10.x. This affects the function BaseHandler.getPrototypeOf. This manipulation causes code injection.
This vulnerability appears as CVE-2026-44006. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
GHSA
vm2 has a Sandbox Escape Vulnerability
ghsa·2026-05-07
CVE-2026-44006 [CRITICAL] CWE-94 vm2 has a Sandbox Escape Vulnerability
### Summary
It is possible to reach `BaseHandler.getPrototypeOf`, which can be used to get arbitrary prototypes.
### Details
https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L655-L658
`BaseHandler` can be reached via `util.inspect` (same as https://github.com/patriksimek/vm2/commit/57971fa423abeb66f09e47e18102986549474ca8)
### PoC
```js
let obj = {
  subarray: Buffer.prototype.inspect,
  slice: Buffer.prototype.slice,
  hexSlice: () => '',
};
let sym;
obj.slice(10, {
  showHidden: true,
  showProxy: true,
  depth: 10,
  stylize(a) {
    const handler = this.seen && this.seen[1];
    if (handler && handler.getPrototypeOf) {
      gP = handler.getPrototypeOf;
      HObjectProto = gP(gP(gP(gP(Buffer))));
      HObject = HObjectProto.constru
```
Red Hat
vm2: vm2: Sandbox escape via arbitrary prototype access leading to arbitrary code execution
vendor_redhat·2026-05-13·CVSS 10.0
CVE-2026-44006 [CRITICAL] CWE-914 vm2: vm2: Sandbox escape via arbitrary prototype access leading to arbitrary code execution
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.
A flaw was found in vm2 (before 3.11.0). Sandboxed code can reach BaseHandler.getPrototypeOf to obtain arbitrary prototypes, enabling sandbox escape and arbitrary code execution. Fixed in 3.11.0.
Statement: vm2 is vulnerable to sandbox escape via unrestricted access to BaseHandler.getPrototypeOf, allowing retrieval of arbitrary prototypes and host code execution. A remote unauthenticated attacker who can submit sandboxed code may escape the sandbox. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10.0
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-44006 vm2: vm2: Sandbox escape via arbitrary prototype access leading to arbitrary code execution
bugzilla·2026-05-13·CVSS 10.0
CVE-2026-44006 [CRITICAL] CVE-2026-44006 vm2: vm2: Sandbox escape via arbitrary prototype access leading to arbitrary code execution
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.
Hackernews
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
blogs_hackernews·2026-05-07·CVSS 10.0
CVE-2026-24118 [CRITICAL] vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
## vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems.
vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host environment.
The security flaws are listed below -
CVE-2026-24118 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "__lookupGette
- https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8
- https://access.redhat.com/security/cve/CVE-2026-44006
- https://bugzilla.redhat.com/show_bug.cgi?id=2477200
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44006.json