CVE 10 CRITICAL

vm2: Sandbox escape_CVE-2026-44005

May 13, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

Description

vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox This vulnerability is fixed in 3.11.0.

AI Analysis

Sandbox escape vulnerability in vm2 allowing attacker-controlled JavaScript to mutate shared host Object.prototype, Array.prototype, and Function.prototype

Basic Information

ID CVE-2026-44005

Source GitHub_M

Published May 13, 2026 at 17:40

Affected Product

Vendor patriksimek

Product vm2

Version >= 3.9.6, < 3.11.0

Affected Versions patriksimek vm2 >= 3.9.6, < 3.11.0

CWE Classification

CWE-1321 CWE-94

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor patriksimek

Product vm2

Version 3.9.6-3.10.5

References

github.com /patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq

{
    "lastseen": "",
    "description": "vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox This vulnerability is fixed in 3.11.0.",
    "published": "2026-05-13T17:40:41.578Z",
    "modified": "2026-05-13T17:40:41.578Z",
    "type": "cve",
    "title": "vm2: Sandbox escape",
    "source": "GitHub_M",
    "references": "https://github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq",
    "id": "CVE-2026-44005",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1321",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "patriksimek vm2 >= 3.9.6, < 3.11.0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "vm2",
    "version": ">= 3.9.6, < 3.11.0",
    "vendor": "patriksimek",
    "ai_description": "Sandbox escape vulnerability in vm2 allowing attacker-controlled JavaScript to mutate shared host Object.prototype, Array.prototype, and Function.prototype",
    "ai_severity": "Critical",
    "ai_vendor": "patriksimek",
    "ai_product": "vm2",
    "ai_version": "3.9.6-3.10.5",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply