CVE-2026-44000— vm2: sandbox boundary bypass via host Promise resolution preserving host object identity
Possible ATT&CK Techniques 1AI
T1211 · Exploitation for StealthAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| patriksimek | vm2 | < 3.11.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44000
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vm2: sandbox boundary bypass via host Promise resolution preserving host object identity
Source: NVD (National Vulnerability Database)
Vulnerability Description
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox .then() callback preserves host identity. This allows the sandbox to interact with the host object directly, including performing identity checks using host-side WeakMap and mutating host object state from inside the sandbox. This behavior occurs because the Promise fulfillment wrapper uses ensureThis() instead of the stronger cross-realm conversion path (from() / proxy wrapping). If no prototype mapping is found, ensureThis() returns the original object. As a result, objects resolved by host Promises can cross the sandbox boundary without proper isolation. This vulnerability is fixed in 3.11.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
保护机制失效
Source: NVD (National Vulnerability Database)
Vulnerability Title
vm2 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
vm2是捷克Patrik Simek个人开发者的一个 Node.js 的高级虚拟机/沙盒。以使用列入白名单的 Node 内置模块运行不受信任的代码。 vm2 3.11.0之前版本存在安全漏洞,该漏洞源于沙箱边界违规,宿主Promise解析时宿主对象身份可进入沙箱,允许沙箱直接与宿主对象交互,包括执行身份检查和修改宿主对象状态。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| patriksimek | vm2 | < 3.11.0 | - |
II. Public POCs for CVE-2026-44000
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44000
请登录查看更多情报信息。
- https://github.com/patriksimek/vm2/security/advisories/GHSA-mpf8-4hx2-7cjgx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-44000
Same Patch Batch · patriksimek · 2026-05-13 · 14 CVEs total
| CVE-2026-43997 | 10.0 CRITICAL | vm2: Sandbox Escape |
| CVE-2026-44005 | 10.0 CRITICAL | vm2: Sandbox escape |
| CVE-2026-44006 | 10.0 CRITICAL | vm2: Sandbox Escape |
| CVE-2026-43999 | 9.9 CRITICAL | vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox |
| CVE-2026-45411 | 9.8 CRITICAL | vm2: Sandbox Breakout Using Async Generator |
| CVE-2026-44009 | 9.8 CRITICAL | vm2: Sandbox Breakout Through Null Proto Exception |
| CVE-2026-44008 | 9.8 CRITICAL | vm2: Snabox breakout via `neutralizeArraySpeciesBatch` |
| CVE-2026-44007 | 9.1 CRITICAL | vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS comman |
| CVE-2026-44001 | 8.6 HIGH | vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) |
| CVE-2026-43998 | 8.5 HIGH | vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape |
| CVE-2026-44004 | 7.5 HIGH | vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass) |
| CVE-2026-44002 | 5.8 MEDIUM | vm2: Host File Path Disclosure via Stack Trace Information Leak |
| CVE-2026-44003 | 5.3 MEDIUM | vm2: Transformer Fast-Path Bypass Exposes Internal State Variable |
IV. Related Vulnerabilities
Same product: vm2
Same vendor: patriksimek
V. Comments for CVE-2026-44000
No comments yet