CVE-2026-44009— vm2: Sandbox Breakout Through Null Proto Exception
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| patriksimek | vm2 | < 3.11.2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44009
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vm2: Sandbox Breakout Through Null Proto Exception
Source: NVD (National Vulnerability Database)
Vulnerability Description
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
将资源暴露给错误范围
Source: NVD (National Vulnerability Database)
Vulnerability Title
vm2 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
vm2是捷克Patrik Simek个人开发者的一个 Node.js 的高级虚拟机/沙盒。以使用列入白名单的 Node 内置模块运行不受信任的代码。 vm2 3.11.2之前版本存在安全漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| patriksimek | vm2 | < 3.11.2 | - |
II. Public POCs for CVE-2026-44009
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44009
请登录查看更多情报信息。
- https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcmx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-44009
Same Patch Batch · patriksimek · 2026-05-13 · 14 CVEs total
| CVE-2026-43997 | 10.0 CRITICAL | vm2: Sandbox Escape |
| CVE-2026-44005 | 10.0 CRITICAL | vm2: Sandbox escape |
| CVE-2026-44006 | 10.0 CRITICAL | vm2: Sandbox Escape |
| CVE-2026-43999 | 9.9 CRITICAL | vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox |
| CVE-2026-45411 | 9.8 CRITICAL | vm2: Sandbox Breakout Using Async Generator |
| CVE-2026-44008 | 9.8 CRITICAL | vm2: Snabox breakout via `neutralizeArraySpeciesBatch` |
| CVE-2026-44007 | 9.1 CRITICAL | vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS comman |
| CVE-2026-44001 | 8.6 HIGH | vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) |
| CVE-2026-43998 | 8.5 HIGH | vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape |
| CVE-2026-44004 | 7.5 HIGH | vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass) |
| CVE-2026-44000 | 6.5 MEDIUM | vm2: sandbox boundary bypass via host Promise resolution preserving host object identity |
| CVE-2026-44002 | 5.8 MEDIUM | vm2: Host File Path Disclosure via Stack Trace Information Leak |
| CVE-2026-44003 | 5.3 MEDIUM | vm2: Transformer Fast-Path Bypass Exposes Internal State Variable |
IV. Related Vulnerabilities
Same weakness: CWE-668
- CVE-2026-44552
Open WebUI: Redis Cache Keys tool_servers and terminal_serve - CVE-2026-45411
vm2: Sandbox Breakout Using Async Generator - CVE-2026-44008
vm2: Snabox breakout via `neutralizeArraySpeciesBatch` - CVE-2026-41368
OpenClaw < 2026.3.28 - Environment Variable Disclosure via j - CVE-2026-41369
OpenClaw < 2026.3.31 - Insufficient Environment Variable San
V. Comments for CVE-2026-44009
No comments yet