Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
CriticalPublic exploit

vm2 sandbox escape via null proto exception

IdentifiersCVE-2026-44009CWE-668· Exposure of Resource to Wrong Sphere

CVE-2026-44009 is a critical sandbox-escape vulnerability in vm2, the Node.js sandbox library. It affects vm2 versions up to and including 3.11.1 and is fixed in 3.11.2. Available reporting describes the flaw as a sandbox escape triggered via a null proto exception. The issue is associated with vm2's exception-handling logic and, in broader reporting, with mechanisms that can expose host-side objects and restore access to the host Function constructor. Successful exploitation allows attacker-supplied code running inside the vm2 sandbox to break isolation and reach host execution primitives.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can completely defeat vm2 sandbox isolation. An attacker able to execute JavaScript inside the vulnerable vm2 instance can escape the sandbox, access host-side objects, regain unrestricted access to the host Function constructor, and execute arbitrary commands/code on the underlying host. The published CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates high impact to confidentiality, integrity, and availability.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, reduce or eliminate exposure by preventing untrusted or attacker-controlled JavaScript from being executed in vm2 instances, restricting network reachability to services that expose vm2-backed code execution, and isolating workloads with stronger containment boundaries at the OS/virtualization layer. The source material also recommends considering stronger isolation mechanisms such as Docker, gVisor, or Firecracker microVMs rather than relying on vm2 alone for high-risk untrusted code execution.

Remediation

Patch, then assume compromise.

Upgrade vm2 to version 3.11.2 or later. The provided content states that versions prior to 3.11.2 are affected and that 3.11.2 contains the fix for CVE-2026-44009.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Vm2 ProjectVm2application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app
cvefeed high severityNews
May 13, 2026
CVE-2026-44009 - vm2: Sandbox Breakout Through Null Proto Exception

A vulnerability affecting the vm2 open source vm/sandbox for Node.js prior to version 3.11.2. The content indicates high impact to confidentiality, integrity, and availability based on the listed CVSS vector.

Read more
cyber security newsNews
May 7, 2026
Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution Attacks

A critical unpatched vm2 sandbox escape vulnerability that abuses array species handling and exception logic to expose host-side objects and regain access to the host Function constructor.

Read more
the hacker newsNews
May 7, 2026
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

A critical vm2 sandbox escape vulnerability via a null proto exception that permits arbitrary command execution on the host.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-44009
NVD
nvd.nist.gov/vuln/detail/CVE-2026-44009
MITRE CWE · CWE-668
Exposure of Resource to Wrong Sphere
Vendor Advisory
github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm