CVE-2026-44006— vm2: Sandbox Escape
Possible ATT&CK Techniques 1AI
T1068 · Exploitation for Privilege EscalationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| patriksimek | vm2 | < 3.11.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44006
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vm2: Sandbox Escape
Source: NVD (National Vulnerability Database)
Vulnerability Description
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
vm2 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
vm2是捷克Patrik Simek个人开发者的一个 Node.js 的高级虚拟机/沙盒。以使用列入白名单的 Node 内置模块运行不受信任的代码。 vm2 3.11.0之前版本存在代码注入漏洞,该漏洞源于可访问BaseHandler.getPrototypeOf,用于获取任意原型。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| patriksimek | vm2 | < 3.11.0 | - |
II. Public POCs for CVE-2026-44006
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44006
请登录查看更多情报信息。
- https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-44006
Same Patch Batch · patriksimek · 2026-05-13 · 14 CVEs total
| CVE-2026-43997 | 10.0 CRITICAL | vm2: Sandbox Escape |
| CVE-2026-44005 | 10.0 CRITICAL | vm2: Sandbox escape |
| CVE-2026-43999 | 9.9 CRITICAL | vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox |
| CVE-2026-45411 | 9.8 CRITICAL | vm2: Sandbox Breakout Using Async Generator |
| CVE-2026-44009 | 9.8 CRITICAL | vm2: Sandbox Breakout Through Null Proto Exception |
| CVE-2026-44008 | 9.8 CRITICAL | vm2: Snabox breakout via `neutralizeArraySpeciesBatch` |
| CVE-2026-44007 | 9.1 CRITICAL | vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS comman |
| CVE-2026-44001 | 8.6 HIGH | vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) |
| CVE-2026-43998 | 8.5 HIGH | vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape |
| CVE-2026-44004 | 7.5 HIGH | vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass) |
| CVE-2026-44000 | 6.5 MEDIUM | vm2: sandbox boundary bypass via host Promise resolution preserving host object identity |
| CVE-2026-44002 | 5.8 MEDIUM | vm2: Host File Path Disclosure via Stack Trace Information Leak |
| CVE-2026-44003 | 5.3 MEDIUM | vm2: Transformer Fast-Path Bypass Exposes Internal State Variable |
IV. Related Vulnerabilities
Same product: vm2
Same vendor: patriksimek
Same weakness: CWE-94
- CVE-2018-25320
ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution - CVE-2021-47952
python jsonpickle 2.0.0 Remote Code Execution via py/repr - CVE-2021-47964
Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanag - CVE-2026-44717
MCP Calculate Server: Prompt Injection to RCE - CVE-2026-41258
OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRan
V. Comments for CVE-2026-44006
No comments yet