CVE-2026-44007
Published 2026-05-13
Priority P260 · critical 9.1 · CVSS 3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.90% (55.2th percentile)
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| patriksimek | vm2 | < 3.11.1 | 3.11.1 |
| rhdh | rhdh-hub-rhel9 | — | — |
| vm2_project | vm2 | < 3.11.1 | 3.11.1 |
| vm2_project | vm2 | >= 0 < 3.11.1 | 3.11.1 |
Detection & IOCs (extracted from sources)
- Detect sandbox code calling require('vm2') from within a NodeVM context, which is the initial step of the escape chain
- Flag NodeVM instantiation with nesting: true in application code, as this is the prerequisite configuration that enables the vulnerability
- Monitor for child NodeVM instances being constructed from within an already-running sandbox (nested NodeVM creation), especially with unrestricted require settings
- Alert on arbitrary OS command execution spawned from a Node.js vm2 sandbox process, which is the final payload stage of this exploit chain
- The vulnerability is only exploitable when NodeVM is explicitly configured with nesting: true; disabling this option eliminates the attack surface
- The outer VM's require: false setting provides NO protection when nesting is enabled — sandbox code bypasses it unconditionally
- Any application running untrusted code in a nested NodeVM should be treated as fully compromised until patched to 3.11.1
- Red Hat packages rhdh/rhdh-hub-rhel9 and ansible-automation-platform/automation-portal are still under investigation for impact
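The detection items above ask for two defender-side checks: flag every NodeVM instantiation configured with nesting: true, and confirm the deployed vm2 version is 3.11.1 or later. The JavaScript below is an added example, not code from the vm2 project or from this page, that performs both checks statically over a constructed sample source; the function names and the sample strings are assumptions.

```javascript
// Added example (not vm2 project code): flag every `new NodeVM({...})` whose
// options enable `nesting: true` (the CVE-2026-44007 precondition) and check
// whether a vm2 version already contains the fix.
const FIXED = [3, 11, 1]; // first fixed release per the advisory
// Parse "3.9.19", "v3.11.1" or "^3.11.1" into numeric parts; null if unparsable.
function parseVersion(v) {
  const m = /^\D*(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when the version is 3.11.1 or later; unparsable input counts as unpatched.
function isFixedVersion(v) {
  const p = parseVersion(v);
  if (!p) return false;
  for (let i = 0; i < 3; i++) if (p[i] !== FIXED[i]) return p[i] > FIXED[i];
  return true;
}

// Return the balanced `{ ... }` literal at s[start], or null if it never closes.
// Braces inside string literals are not special-cased (fine for config audits).
function balancedObject(s, start) {
  let depth = 0;
  for (let i = start; i < s.length; i++) {
    if (s[i] === '{') depth++;
    else if (s[i] === '}' && --depth === 0) return s.slice(start, i + 1);
  }
  return null;
}

// Scan source text for NodeVM constructions and report each one's settings.
// `require: false` beside `nesting: true` is still risky: per the advisory the
// outer require setting gives no protection once nesting is enabled.
function auditNodeVmOptions(source) {
  const findings = [];
  const re = /new\s+NodeVM\s*\(\s*\{/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    const opts = balancedObject(source, m.index + m[0].length - 1);
    if (opts === null) break;
    const nesting = /\bnesting\s*:\s*true\b/.test(opts);
    const line = source.slice(0, m.index).split('\n').length; // 1-based
    findings.push({ line, nesting, requireFalse: /\brequire\s*:\s*false\b/.test(opts),
      risk: nesting ? 'nesting enabled: exploitable on vm2 < 3.11.1' : 'ok' });
  }
  return findings;
}
// Constructed sample source (not taken from any real application).
const SAMPLE = [
  "const safe = new NodeVM({ require: false });",
  "const risky = new NodeVM({ require: false, nesting: true });",
  "const ext = new NodeVM({ require: { external: true }, nesting: true });",
].join('\n');
```

The third sample line shows why the brace-balancing helper is needed: a nested `require: { ... }` object would otherwise cut the match short and hide the `nesting: true` that follows it.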
CVSS provenance
- NVD (v3.1): 9.1 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Red Hat (vendor): 9.1 CRITICAL
GHSA
vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
GHSA · 2026-05-07 · CVE-2026-44007 [CRITICAL] · CWE-284
### Summary
When a `NodeVM` is created with `nesting: true`, sandbox code can unconditionally `require('vm2')` regardless of the outer VM's `require` configuration — including `require: false`. With access to `vm2`, the sandbox constructs a new inner `NodeVM` with its own unrestricted `require` settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a `NodeVM` with `nesting: true` is fully compromised.
### Details
The vulnerability is in how the `nesting: true` option interacts with the legacy module resolver.
**`lib/nodevm.js:96-99`** — `NESTING_OVERRIDE` is a special builtin map that injects the `vm2` package into the sandbo
Red Hat
vm2: vm2: Arbitrary code execution via nested NodeVM bypass
Red Hat (vendor) · 2026-05-13 · CVSS 9.1 · CVE-2026-44007 [CRITICAL] · CWE-1100
A flaw was found in vm2 (before 3.11.1). With nesting: true, sandbox code can require('vm2') regardless of outer require settings (including require: false), spawn an inner NodeVM with unrestricted require, and ex
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-44007 vm2: vm2: Arbitrary code execution via nested NodeVM bypass
Bugzilla · 2026-05-13 · CVSS 9.1 · [CRITICAL]
The Hacker News
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
blogs_hackernews · 2026-05-07 · CVSS 10.0 · CVE-2026-24118 [CRITICAL]
## vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems.
vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host environment.
The security flaws are listed below -
CVE-2026-24118 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "__lookupGette
References
- https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx
- http://www.openwall.com/lists/oss-security/2026/05/05/11
- https://access.redhat.com/security/cve/CVE-2026-44007
- https://bugzilla.redhat.com/show_bug.cgi?id=2477198
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44007.json