A dozen critical security vulnerabilities have been discovered in the vm2 Node.js library, a popular tool for executing untrusted JavaScript code in a secure sandbox environment. These flaws, disclosed on May 7, 2026, could allow attackers to escape the sandbox and execute arbitrary code on vulnerable systems, posing a significant risk to software security.
The vm2 library is designed to isolate potentially malicious JavaScript from the host system by intercepting and proxying objects. However, the newly identified vulnerabilities undermine this security feature, impacting versions up to and including 3.11.1. Maintainers have released patches, urging users to update to version 3.11.2 to mitigate these risks.
vm2 Vulnerabilities Pose Significant Sandboxing Risks
The newly disclosed vulnerabilities in the vm2 Node.js library range in severity, with several rated at a critical CVSS score of 10.0. These vulnerabilities exploit various mechanisms within the sandbox to achieve escape, enabling attackers to gain unauthorized access and execute arbitrary code. The disclosures highlight the ongoing challenges in maintaining robust security for sandboxed environments, particularly within JavaScript ecosystems.
One of the most severe flaws, CVE-2026-43997, carries a CVSS score of 10.0 and allows attackers to obtain the host Object and escape the sandbox, leading to arbitrary code execution. Similarly, CVE-2026-44005, also rated a 10.0, enables prototype pollution through attacker-controlled JavaScript, effectively breaking the sandbox’s isolation. Another critical vulnerability, CVE-2026-44006 (CVSS 10.0), leverages a code injection via `BaseHandler.getPrototypeOf` to achieve sandbox escape and remote code execution.
Other high-severity vulnerabilities include CVE-2026-43999 (CVSS 9.9), which permits bypassing NodeVM’s allowlist and loading excluded built-ins like `child_process`, thereby enabling remote code execution. CVE-2026-44007 (CVSS 9.1) involves improper access control, allowing sandbox escape and the execution of arbitrary operating system commands. Patches have been released for all of these issues; the affected version ranges differ from one vulnerability to another.
Understanding the vm2 Sandbox Escape Vectors
The research detailed several specific exploit vectors that attackers could leverage. For instance, CVE-2026-24118 (CVSS 9.8) allows sandbox escape via the `__lookupGetter__` method. Additionally, CVE-2026-24781 (CVSS 9.8) permits escape through the `inspect` function, and CVE-2026-26332 (CVSS 9.8) utilizes `SuppressedError` as an escape route.
Patch bypasses are also a concern. CVE-2026-24120 (CVSS 9.8) is noted as a patch bypass for a previous vulnerability (CVE-2023-37466), allowing attackers to escape the sandbox through the `species` property of promise objects. CVE-2026-26956 (CVSS 9.8) describes a protection mechanism failure during Symbol-to-string coercion that leads to arbitrary code execution.
Further exploit paths include CVE-2026-44008 (CVSS 9.8), which allows sandbox escape via `neutralizeArraySpeciesBatch()`, and CVE-2026-44009 (CVSS 9.8), which exploits a null proto exception. These diverse methods underscore the depth of the security issues in the affected vm2 versions.
This spate of discoveries follows recent efforts to patch another critical sandbox escape flaw, CVE-2026-22709 (CVSS 9.8), which was addressed by vm2 maintainer Patrik Simek a few months prior. The persistence of such vulnerabilities suggests that securing untrusted code execution remains a complex and evolving challenge in software development.
The vm2 team acknowledges that new bypasses are likely to be discovered, a sentiment echoed by security researchers who continually probe sandboxing technologies. Developers relying on vm2 are strongly advised to update immediately to the latest version, 3.11.2, to incorporate the fixes for these critical **vm2 vulnerabilities**. Monitoring security advisories and applying patches promptly will be crucial for maintaining the integrity of systems that utilize untrusted code execution.
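As an added example (not part of the original article and not code from the vm2 project), the following Node.js script does the one check a defender needs here: it walks a package-lock.json (both the v2/v3 flat "packages" map and the v1 nested "dependencies" tree) and flags every installed copy of vm2, including transitive copies nested under other packages, whose version is below 3.11.2, the fixed release named above. The version comparison is a minimal "MAJOR.MINOR.PATCH" parser written inline so the script has no dependencies; the sample lockfile at the bottom is constructed for illustration.

```javascript
// Added example: audit a package-lock.json for vm2 installs below the fixed version.
// Not from the article or the vm2 project. Assumes 3.11.2 is the first fixed
// release (as the advisory summary states) and treats every earlier release as affected.

const FIXED_VERSION = "3.11.2";

// Parse "MAJOR.MINOR.PATCH" (an optional leading "v" and any pre-release/build
// suffix are ignored) into three numbers; null if the string is not a version.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Comparator-style result (negative / 0 / positive); null if either side is unparseable.
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  if (!pa || !pb) return null;
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// True when the version is strictly older than the fixed release.
function isAffectedVm2(version) {
  const c = compareSemver(version, FIXED_VERSION);
  return c !== null && c < 0;
}

// Collect every vm2 entry in the lockfile with its install path and version.
function findVm2Installs(lock) {
  const found = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path, so nested copies
    // show up as ".../node_modules/vm2" entries.
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "node_modules/vm2" || path.endsWith("/node_modules/vm2")) {
        found.push({ path, version: entry.version });
      }
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested tree, so recurse to reach transitive copies.
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (name === "vm2") found.push({ path, version: entry.version });
        if (entry.dependencies) walk(entry.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return found;
}

// One report row per installed copy of vm2.
function auditLockfile(lock) {
  return findVm2Installs(lock).map(({ path, version }) => ({
    path,
    version,
    affected: isAffectedVm2(version),
  }));
}

// Constructed sample lockfile (not real project data): a direct vm2 at an
// affected version plus a transitive copy that is already on the fixed release.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { vm2: "^3.9.0" } },
    "node_modules/vm2": { version: "3.11.1" },
    "node_modules/some-plugin": { version: "1.0.0", dependencies: { vm2: "3.11.2" } },
    "node_modules/some-plugin/node_modules/vm2": { version: "3.11.2" },
  },
};

// CLI use: `node audit-vm2.js path/to/package-lock.json`; with no argument the
// constructed sample is audited. The guard keeps this from running under ESM or when imported.
if (typeof require !== "undefined" && require.main === module) {
  const file = process.argv[2];
  const lock = file ? JSON.parse(require("fs").readFileSync(file, "utf8")) : SAMPLE_LOCK;
  for (const r of auditLockfile(lock)) {
    console.log(`${r.affected ? "AFFECTED" : "ok      "} ${r.path} vm2@${r.version}`);
  }
}
```

Because npm can hoist or nest duplicate copies, a `npm ls vm2` that shows one fixed version is not proof that no affected copy remains; walking the lockfile path by path is what catches the nested duplicate in the sample above.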