CVE-2026-44007
published 2026-05-13

Priority: P260
Severity: critical, 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.90% (55.2th percentile)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1.

Affected (5 ranges)

Vendor                       Product             Version range     Fixed in
ansible-automation-platform  automation-portal   -                 -
patriksimek                  vm2                 < 3.11.1          3.11.1
rhdh                         rhdh-hub-rhel9      -                 -
vm2_project                  vm2                 < 3.11.1          3.11.1
vm2_project                  vm2                 >= 0 < 3.11.1     3.11.1

Detection & IOCs (extracted from sources)

  • Detect sandbox code calling require('vm2') from within a NodeVM context, which is the initial step of the escape chain
  • Flag NodeVM instantiation with nesting: true in application code, as this is the prerequisite configuration that enables the vulnerability
  • Monitor for child NodeVM instances being constructed from within an already-running sandbox (nested NodeVM creation), especially with unrestricted require settings
  • Alert on arbitrary OS command execution spawned from a Node.js vm2 sandbox process, which is the final payload stage of this exploit chain
  • The vulnerability is only exploitable when NodeVM is explicitly configured with nesting: true; disabling this option eliminates the attack surface
  • The outer VM's require: false setting provides NO protection when nesting is enabled — sandbox code bypasses it unconditionally
  • Any application running untrusted code in a nested NodeVM should be treated as fully compromised until patched to 3.11.1
  • Red Hat packages rhdh/rhdh-hub-rhel9 and ansible-automation-platform/automation-portal are still under investigation for impact
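The second bullet above is the one a defender can act on before patching: find every NodeVM that is constructed with nesting: true and check the declared vm2 version against the fixed release. The following static audit is an added example written for this page; it is not vm2 code and not taken from the advisory sources. It scans application source text with a brace-matching heuristic (no JavaScript parser), compares the declared vm2 version against 3.11.1 from the advisory, and never loads vm2 itself. The file contents in SAMPLE_FILES are constructed for the example; the function names and the report shape are this example's own.

```javascript
// Added example: static audit for NodeVM nesting configuration (CVE-2026-44007).
// Not vm2 code and not from the advisory. Inspects source text and the declared
// vm2 version only; it never requires or runs vm2.

const FIXED_VERSION = '3.11.1'; // fixed release per the advisory

// Parse "major.minor.patch"; a leading ^ ~ = or v is stripped, anything else
// (ranges such as ">=3.10") is rejected because it needs a lockfile to resolve.
function parseVersion(v) {
  const m = /^[\^~=v]*(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// 'affected' when below 3.11.1, 'fixed' otherwise, 'unknown' when unparseable.
function isAffectedVersion(declared) {
  const v = parseVersion(declared);
  if (!v) return 'unknown';
  return compareVersions(v, parseVersion(FIXED_VERSION)) < 0 ? 'affected' : 'fixed';
}

// Return the text between position `start` and the matching `close` delimiter.
// Heuristic: delimiters inside string literals are not special-cased.
function extractBalanced(text, start, open, close) {
  let depth = 1;
  for (let i = start; i < text.length; i++) {
    if (text[i] === open) depth++;
    else if (text[i] === close && --depth === 0) return text.slice(start, i);
  }
  return text.slice(start); // unterminated call: take the rest of the file
}

// Locate every `new NodeVM(...)` and report whether its options literal
// contains `nesting: true` and whether `require: false` was relied on.
function findNodeVMInstances(source) {
  const findings = [];
  const re = /new\s+NodeVM\s*\(/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    const start = m.index + m[0].length;
    const optionsText = extractBalanced(source, start, '(', ')');
    findings.push({
      line: source.slice(0, m.index).split('\n').length,
      nesting: /\bnesting\s*:\s*true\b/.test(optionsText),
      requireDisabled: /\brequire\s*:\s*false\b/.test(optionsText),
    });
  }
  return findings;
}

// Combine the version check with the per-file findings. The outer
// `require: false` is deliberately not treated as mitigating, matching the
// advisory: a nested NodeVM on an unfixed (or unknown) version is exposed.
function auditProject({ vm2Version, files }) {
  const version = isAffectedVersion(vm2Version);
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    for (const f of findNodeVMInstances(source)) findings.push({ file, ...f });
  }
  const nested = findings.filter((f) => f.nesting);
  return { version, findings, exposed: version !== 'fixed' && nested.length > 0 };
}

// Constructed sample sources for the example (not from any real project).
const SAMPLE_FILES = {
  'runner.js': `
const { NodeVM } = require('vm2');
// Tenant scripts run here; require: false was believed to be sufficient.
const vm = new NodeVM({
  console: 'inherit',
  require: false,
  nesting: true,
});
module.exports = (code) => vm.run(code, 'tenant.js');
`,
  'safe.js': `
const { NodeVM } = require('vm2');
const vm = new NodeVM({ require: false, nesting: false });
module.exports = (code) => vm.run(code);
`,
};

// Example run: a project declaring vm2 ^3.10.0 (constructed value).
console.log(JSON.stringify(auditProject({ vm2Version: '^3.10.0', files: SAMPLE_FILES }), null, 2));
```

In the sample run, runner.js is flagged (nesting: true on line 4, with require: false present but irrelevant) and safe.js is not, so the project reports exposed: true until the declared version reaches 3.11.1. Version strings the parser cannot resolve are reported as unknown and treated as affected, so a lockfile should be consulted rather than assuming the range is fixed.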

CVSS provenance

nvd: v3.1, 9.1 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
vendor_redhat: 9.1 CRITICAL