
More than a dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by malicious actors to breach the sandbox and execute arbitrary code on susceptible systems.
vm2 is an open source library used to run untrusted JavaScript code in a secure sandbox by intercepting and proxying JavaScript objects, preventing sandboxed code from accessing the host environment.
The security flaws are listed below.
CVE-2026-24118 (CVSS score: 9.8) – A “__lookupGetter__” sandbox escape that allows attackers to execute arbitrary code on the underlying host. (Affects versions 3.10.4 and below, patched in 3.11.0)
CVE-2026-24120 (CVSS score: 9.8) – A patch bypass for CVE-2023-37466 (CVSS score: 9.8) that allows attackers to escape the sandbox through properties and execute arbitrary commands on the underlying host. (Affects versions 3.10.3 and below, patched in 3.10.5)
CVE-2026-24781 (CVSS score: 9.8) – A vulnerability that allows sandbox escape through the “inspect” function, allowing attackers to execute arbitrary code on the underlying host. (Affects versions 3.10.3 and below, patched in 3.11.0)
CVE-2026-26332 (CVSS score: 9.8) – A “SuppressedError” sandbox escape that allows attackers to execute arbitrary code on the underlying host. (Affects versions 3.10.4 and below, patched in 3.11.0)
CVE-2026-26956 (CVSS score: 9.8) – A protection mechanism failure that allows sandbox escape and arbitrary code execution by triggering a TypeError generated by symbol-to-string coercion. (Affects version 3.10.4, verified in Node.js 25.6.1, patched in 3.10.5)
CVE-2026-43997 (CVSS score: 10.0) – A code injection vulnerability that could allow an attacker to escape the sandbox by obtaining the host object and potentially execute arbitrary code. (Affects versions 3.10.5 and below, patched in 3.11.0)
CVE-2026-43999 (CVSS score: 9.9) – A vulnerability that allows bypass of NodeVM’s built-in whitelist, allowing attackers to load excluded built-ins such as child_process and perform remote code execution. (Affects version 3.10.5, patched in 3.11.0)
CVE-2026-44005 (CVSS score: 10.0) – A vulnerability that allows attacker-controlled JavaScript to escape the sandbox, enabling prototype pollution. (Affects versions 3.9.6 – 3.10.5, patched in 3.11.0)
CVE-2026-44006 (CVSS score: 10.0) – A code injection vulnerability via “BaseHandler.getPrototypeOf” that allows sandbox escape and remote code execution. (Affects versions 3.10.5 and below, patched in 3.11.0)
CVE-2026-44007 (CVSS score: 9.1) – An improper access control vulnerability that allows sandbox escape and execution of arbitrary operating system commands on the underlying host. (Affects versions 3.11.0 and below, patched in 3.11.1)
CVE-2026-44008 (CVSS score: 9.8) – A vulnerability that allows attackers to escape the sandbox via “neutralizeArraySpeciesBatch()” and execute arbitrary commands on the underlying host. (Affects versions 3.11.1 and below, patched in 3.11.2)
CVE-2026-44009 (CVSS score: 9.8) – A vulnerability that allows sandbox escape via a null proto exception, allowing attackers to execute arbitrary commands on the underlying host. (Affects versions 3.11.1 and below, patched in 3.11.2)
This disclosure comes months after vm2 maintainer Patrik Simek released a patch for another critical sandbox escape flaw (CVE-2026-22709, CVSS score: 9.8) that could lead to arbitrary code execution on the underlying host system.
The newly identified set of sandbox escapes illustrates the challenge of safely isolating untrusted code in JavaScript-based sandbox environments, and Simek previously acknowledged that new bypasses were likely to be discovered in the future. For optimal protection, vm2 users are advised to update to the latest version (3.11.2).
