THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesMay 7, 2026

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

Multiple critical vulnerabilities in vm2 Node.js library allow sandbox escape and arbitrary code execution.

Read at source

Summary

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library. Successful exploitation could allow attackers to break out of the sandbox and execute arbitrary code on vulnerable systems. Patches are available in vm2 versions 3.10.5, 3.11.0, 3.11.1 and 3.11.2.

Full text

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution Ravie LakshmananMay 07, 2026Vulnerability / Software Security A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host environment. The security flaws are listed below - CVE-2026-24118 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "__lookupGetter__" and permits an attacker to run arbitrary code on the underlying host. (Affects versions <= 3.10.4, patches in 3.11.0) CVE-2026-24120 (CVSS score: 9.8) - A patch bypass for CVE-2023-37466 (CVSS score: 9.8) that could allow attackers to escape the sandbox through the species property of promise objects and execute arbitrary commands on the underlying host. (Affects versions <= 3.10.3, patched in 3.10.5) CVE-2026-24781 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via the "inspect" function and permits an attacker to run arbitrary code on the underlying host. (Affects versions <= 3.10.3, patches in 3.11.0) CVE-2026-26332 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "SuppressedError" and permits an attacker to run arbitrary code on the underlying host. (Affects versions <= 3.10.4, patches in 3.11.0) CVE-2026-26956 (CVSS score: 9.8) - A protection mechanism failure vulnerability that allows sandbox escape with arbitrary code execution by triggering a TypeError produced by Symbol-to-string coercion. (Affects version 3.10.4, confirmed on Node.js 25.6.1, patched in 3.10.5) CVE-2026-43997 (CVSS score: 10.0) - A code injection vulnerability that allows an attacker to obtain the host Object and escape the sandbox, leading to arbitrary code execution. (Affects versions <= 3.10.5, patched in 3.11.0) CVE-2026-43999 (CVSS score: 9.9) - A vulnerability that allows a bypass of NodeVM's built-in allowlist and enables an attacker to load excluded builtins like child_process and achieve remote code execution. (Affects version 3.10.5, patched in 3.11.0) CVE-2026-44005 (CVSS score: 10.0) - A vulnerability that allows attacker-controlled JavaScript to escape the sandbox and enable prototype pollution. (Affects versions 3.9.6-3.10.5, patched in 3.11.0) CVE-2026-44006 (CVSS score: 10.0) - A code injection vulnerability via "BaseHandler.getPrototypeOf" that enables sandbox escape and remote code execution. (Affects versions <= 3.10.5, patched in 3.11.0) CVE-2026-44007 (CVSS score: 9.1) - An improper access control vulnerability that allows sandbox escape and execution of arbitrary operating system commands on the underlying host. (Affects versions <= 3.11.0, patched in 3.11.1) CVE-2026-44008 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "neutralizeArraySpeciesBatch()" and permits an attacker to execute arbitrary commands on the underlying host. (Affects versions <= 3.11.1, patched in 3.11.2) CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an attacker to execute arbitrary commands on the underlying host. (Affects versions <= 3.11.1, patched in 3.11.2) A security researcher using the alias "XmiliaH" has been credited with discovering and reporting a significant chunk of the flaws (CVE-2026-24118, CVE-2026-24120, CVE-2026-24781, CVE-2026-44008, and CVE-2026-44009), while "0x5t" (CVE-2026-26956) "c0rydoras" (CVE-2026-43997, CVE-2026-44006), "bugbunny-research" (CVE-2026-43999), "hongancalif" (CVE-2026-44005), and Akshat Sinha (CVE-2026-44007) have been acknowledged for reporting the rest. The disclosure comes a couple of months after vm2 maintainer Patrik Simek released patches for another critical sandbox escape flaw (CVE-2026-22709, CVSS score: 9.8) that could lead to arbitrary code execution on the underlying host system. The string of newly identified sandbox escapes illustrates the challenge of securely isolating untrusted code in JavaScript-based sandbox environments, with Simek acknowledging previously that new bypasses will likely be discovered in the future. Users of vm2 are advised to update to the latest version (3.11.2) for optimal protection. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Code Injection, cybersecurity, JavaScript, Open Source, remote code execution, sandbox, software security, Vulnerability ⚡ Top Stories This Week Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories Microsoft Warns of Two Actively Exploited Defender Vulnerabilities 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective The New Phishing Click: How OAuth Consent Bypasses MFA Developer Workstations Are Now Part of the Software Supply Chain ⭐ Featured Resources Claim ANY.RUN Anniversary Offer for Faster Malware Analysis [Guide] Learn to Detect AI Typosquatting Risks in Your Domain [Guide] Get Key Identity Security Insights From 2026 Snapshot Discover How to Navigate the Era of Constant Cyber Exposure

Indicators of Compromise

  • cve — CVE-2026-24118
  • cve — CVE-2026-24120
  • cve — CVE-2026-24781
  • cve — CVE-2026-26332
  • cve — CVE-2026-26956
  • cve — CVE-2026-43997
  • cve — CVE-2026-43999
  • cve — CVE-2026-44005
  • cve — CVE-2026-44006
  • cve — CVE-2026-44007
  • cve — CVE-2026-44008
  • cve — CVE-2026-44009
  • cve — CVE-2026-22709

Entities

vm2 (product)Node.js (technology)