Full Report
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host
Analysis Summary
# Vulnerability: Multiple Critical Sandbox Escapes in vm2
## CVE Details
- **CVE IDs:**
- **Critical (10.0):** CVE-2026-43997, CVE-2026-44005, CVE-2026-44006
- **Critical (9.1 - 9.9):** CVE-2026-24118, CVE-2026-24120, CVE-2026-24781, CVE-2026-26332, CVE-2026-26956, CVE-2026-43999, CVE-2026-44008, CVE-2026-44009, CVE-2026-22709
- **High (9.1):** CVE-2026-44007
- **CVSS Score:** 9.1 – 10.0 (Critical)
- **CWE:** CWE-94 (Code Injection), CWE-269 (Improper Privilege Management), CWE-284 (Improper Access Control)
## Affected Systems
- **Products:** vm2 library for Node.js.
- **Versions:**
- All versions prior to **3.11.2** are affected by at least one of the disclosed vulnerabilities.
- Specific versions range from **3.9.6** up to **3.11.1**.
- **Configurations:** Systems utilizing vm2 to execute untrusted JavaScript code in a sandboxed environment.
## Vulnerability Description
A dozen vulnerabilities have been identified that allow attackers to bypass the architectural boundaries of the vm2 sandbox. These flaws involve:
- **Proxy/Object Manipulation:** Exploiting internal methods like `__lookupGetter__`, `BaseHandler.getPrototypeOf`, and `neutralizeArraySpeciesBatch()` to access the host context.
- **Property Injection:** Using properties like `species` on Promise objects or triggering `TypeError` via Symbol-to-string coercion to crash/exit the sandbox state.
- **Logic Bypasses:** Bypassing the built-in `NodeVM` allowlist to load restricted host modules such as `child_process`.
- **Prototype Pollution:** Escaping the sandbox to modify the base object prototypes of the underlying host environment.
## Exploitation
- **Status:** PoC availability is highly likely given the detailed vulnerability descriptions; attackers can use these methods to execute arbitrary OS commands.
- **Complexity:** Low to Medium.
- **Attack Vector:** Network (Remote).
## Impact
- **Confidentiality:** Total (Full access to host files and data).
- **Integrity:** Total (Ability to modify host system files and execute arbitrary code).
- **Availability:** Total (Ability to crash the host or delete system resources).
## Remediation
### Patches
Maintainers have released several sequential patches to address these flaws. Users must update to the latest version immediately:
- **Update to vm2 version 3.11.2** (Addresses CVE-2026-44008 and CVE-2026-44009).
- Previous iterations included versions 3.10.5, 3.11.0, and 3.11.1.
### Workarounds
- No viable software workarounds are provided in the article. Users should migrate to more secure isolation methods (e.g., Docker containers or isolated microservices) if a library update is not possible.
## Detection
- **Indicators of Compromise:** Unusual child processes spawned by Node.js applications; unexpected `TypeError` logs in application telemetry; unauthorized file system access by the Node.js process.
- **Detection Methods:** Audit `package-lock.json` or `yarn.lock` files for vulnerable versions of vm2. Use SCA (Software Composition Analysis) tools to identify vulnerable dependencies.
## References
- **Vendor Security Advisories:**
- hxxps://github[.]com/patriksimek/vm2/security/advisories/GHSA-grj5-jjm8-h35p
- hxxps://github[.]com/patriksimek/vm2/security/advisories/GHSA-qvjj-29qf-hp7p
- hxxps://github[.]com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6
- hxxps://github[.]com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm
- **Full Report:** hxxps://thehackernews[.]com/2026/05/vm2-nodejs-library-vulnerabilities.html