CVE 9.8 CRITICAL

vm2: Snabox breakout via `neutralizeArraySpeciesBatch`_CVE-2026-44008

May 13, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects and get the host Function object. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This vulnerability is fixed in 3.11.2.

AI Analysis

Sandbox breakout via `neutralizeArraySpeciesBatch` allowing arbitrary command execution on the host system

Basic Information

ID CVE-2026-44008

Source GitHub_M

Published May 13, 2026 at 17:35

Affected Product

Vendor patriksimek

Product vm2

Version < 3.11.2

Affected Versions patriksimek vm2 < 3.11.2

CWE Classification

CWE-668

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor patriksimek

Product vm2

Version < 3.11.2

References

github.com /patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq

{
    "lastseen": "",
    "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects and get the host Function object. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This vulnerability is fixed in 3.11.2.",
    "published": "2026-05-13T17:35:03.275Z",
    "modified": "2026-05-13T17:35:03.275Z",
    "type": "cve",
    "title": "vm2: Snabox breakout via `neutralizeArraySpeciesBatch`",
    "source": "GitHub_M",
    "references": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq",
    "id": "CVE-2026-44008",
    "bulletinFamily": "",
    "cwe": [
        "CWE-668"
    ],
    "cvelist": null,
    "sourceData": "patriksimek vm2 < 3.11.2",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "vm2",
    "version": "< 3.11.2",
    "vendor": "patriksimek",
    "ai_description": "Sandbox breakout via `neutralizeArraySpeciesBatch` allowing arbitrary command execution on the host system",
    "ai_severity": "Critical",
    "ai_vendor": "patriksimek",
    "ai_product": "vm2",
    "ai_version": "< 3.11.2",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply