vm2 Node.js Library Vulnerability Enable Sandbox Escape and Improper Code Execution
A dozen critical security vulnerabilities have been exposed in the vm2 Node.js library that can be exploited by bad actors to break out of the sandbox and execute malicious code on vulnerable systems.
vm2 is an open source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host environment.
The security flaws are listed below –
- CVE-2026-24118 (CVSS score: 9.8) – A vulnerability that allows sandboxing via “__lookupGetter__” and allows an attacker to execute arbitrary code on the underlying host. (Affects versions <= 3.10.4, patches to 3.11.0)
- CVE-2026-24120 (CVSS score: 9.8) – Patch bypass for CVE-2023-37466 (CVSS score: 9.8) which could allow attackers to escape the sandbox by using the promise object type property and execute arbitrary commands on the underlying host. (Affects versions <= 3.10.3, deprecated in 3.10.5)
- CVE-2026-24781 (CVSS score: 9.8) – A vulnerability that allows sandboxing via the “check” function and allows an attacker to execute arbitrary code on the underlying host. (Affects versions <= 3.10.3, patches to 3.11.0)
- CVE-2026-26332 (CVSS score: 9.8) – A vulnerability that allows sandbox escape via “SuppressedError” and allows an attacker to execute arbitrary code on the underlying host. (Affects versions <= 3.10.4, patches to 3.11.0)
- CVE-2026-26956 (CVSS score: 9.8) – A vulnerability in the security mechanism that allows sandbox escape and arbitrary code execution by triggering a TypeError generated by Symbol-to-string coercion. (Applies to version 3.10.4, verified in Node.js 25.6.1, patched in 3.10.5)
- CVE-2026-43997 (CVSS score: 10.0) – A code injection vulnerability that allows an attacker to obtain a host Object and escape the sandbox, leading to arbitrary code execution. (Affects versions <= 3.10.5, listed in 3.11.0)
- CVE-2026-43999 (CVSS Score: 9.9) – A vulnerability that allows bypassing the built-in permission list of NodeVM and enables an attacker to load uninstalled builtins as child_process and execute remote code execution. (Applies to version 3.10.5, patched in 3.11.0)
- CVE-2026-44005 (CVSS score: 10.0) – A vulnerability that allows an attacker-controlled JavaScript to escape from the sandbox and enable instance pollution. (Affects versions 3.9.6-3.10.5, listed in 3.11.0)
- CVE-2026-44006 (CVSS Score: 10.0) – Code injection vulnerability with “BaseHandler.getPrototypeOf” which enables sandbox escape and remote code execution. (Affects versions <= 3.10.5, listed in 3.11.0)
- CVE-2026-44007 (CVSS score: 9.1) – An arbitrary access control vulnerability that allows sandbox escape and arbitrary execution of operating system commands on the underlying host. (Affects versions <= 3.11.0, listed in 3.11.1)
- CVE-2026-44008 (CVSS score: 9.8) – A vulnerability that allows sandboxing via “neutralizeArraySpeciesBatch()” and allows an attacker to execute arbitrary commands on the underlying host. (Affects versions <= 3.11.1, deprecated in 3.11.2)
- CVE-2026-44009 (CVSS score: 9.8) – A vulnerability that allows sandboxing via a null proto variant and allows an attacker to execute arbitrary commands on the underlying host. (Affects versions <= 3.11.1, deprecated in 3.11.2)
This disclosure comes a few months after vm2 maintainer Patrik Simek released patches for another critical sandbox escape bug (CVE-2026-22709, CVSS score: 9.8) that could lead to arbitrary code execution on the underlying host system.
A series of newly identified sandbox escapes illustrates the challenge of safely isolating untrusted code in JavaScript-based sandbox environments, with Simek previously admitting that new bypasses will likely be discovered in the future. vm2 users are advised to update to the latest version (3.11.2) for proper security.
