Patriksimek Vm2 vulnerabilities
34 known vulnerabilities affecting patriksimek/vm2.
Total CVEs: 34
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 24, HIGH 6, MEDIUM 4
Vulnerabilities
Page 2 of 2
CVE-2026-44006 | P2 | CRITICAL | CVSS 10.0 | CWE-94 | fixed in 3.11.0 | 2026-05-13
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.
Source: NVD
CVE-2026-47131 | P2 | CRITICAL | CVSS 10.0 | CWE-913 | fixed in 3.11.4 | 2026-06-12
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), and Node.js's ERR_INVALID_ARG_TYPE Error, the host's TypeError constructor can be obtained, which allows the escape from the sandbox. This allows
Source: NVD
CVE-2026-43997 | P3 | CRITICAL | CVSS 10.0 | CWE-94 | fixed in 3.11.0 | 2026-05-13
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object to escape the sandbox; one example would be using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability is fixed in 3.11.0.
Source: NVD
CVE-2026-44005 | P3 | CRITICAL | CVSS 10.0 | CWE-94 | versions >= 3.9.6, < 3.11.0 | 2026-05-13
vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited No
Source: NVD
CVE-2026-44009 | P3 | CRITICAL | CVSS 9.8 | CWE-668 | fixed in 3.11.2 | 2026-05-13
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.
Source: NVD
CVE-2026-47139 | P3 | HIGH | CVSS 8.6 | CWE-693 | fixed in 3.11.4 | 2026-06-12
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes underscored internal HTTP builtins such as _http_client
Source: NVD
CVE-2026-47135 | P3 | HIGH | CVSS 8.7 | CWE-693 | fixed in 3.11.4 | 2026-06-12
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox code can obtain real cross-realm symbols, write them to
Source: NVD
CVE-2026-47209 | P3 | HIGH | CVSS 8.6 | CWE-693 | fixed in 3.11.4 | 2026-06-12
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy (e.g., when a child object inherits from the proxy via Object.create), the property a
Source: NVD
CVE-2026-44004 | P3 | HIGH | CVSS 7.5 | CWE-770 | fixed in 3.11.0 | 2026-05-13
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR: Re
Source: NVD
CVE-2026-44000 | P3 | HIGH | CVSS 7.2 | CWE-693 | fixed in 3.11.0 | 2026-05-13
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox .then() callback preserves host identity. This al
Source: NVD
CVE-2026-47141 | P3 | MEDIUM | CVSS 6.9 | CWE-668 | fixed in 3.11.4 | 2026-06-12
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnostics_channel, async_hooks, and perf_hooks builtins are not blocked by the dangerous builtin denylist. These modules are process-wide, not sandbox-local. Sandboxed cod
Source: NVD
CVE-2026-44003 | P4 | MEDIUM | CVSS 5.8 | CWE-693 | fixed in 3.11.0 | 2026-05-13
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL variable, which ex
Source: NVD
CVE-2026-44002 | P4 | MEDIUM | CVSS 5.8 | CWE-209 | fixed in 3.11.0 | 2026-05-13
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intended as a safe wrapper for V8's native CallSite) blocks getThis() and getFunction() to prevent host object leakage, but allows getFileName() to return unsanitized host absolute paths. Any sandboxed code can extract the full directory structure, library p
Source: NVD
CVE-2023-32313 | P4 | MEDIUM | CVSS 5.3 | CWE-74 | fixed in 3.9.18 | 2023-05-15
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `console.log` command. This vulnerability was patched in the release of versio
Source: NVD