External risk intelligence

vm2 sandbox could allow external attacker to compromise the host server

CVE advisory

Severity: CRITICAL (CVSS 10.0)

CVE-2026-44005

An external attacker can escape the vm2 sandbox by exploiting a flaw in its security controls. This allows the attacker to run unauthorized commands on the underlying server, which could lead to a total compromise of the host system.

Halo Surface Signal: 2

Weakness: Code Injection

Vendor / product: Vm2 Project / Vm2

Affected versions: 3.9.6 to before 3.11.0

External exposure likelihood

Halo Surface Signal score for CVE-2026-44005

vm2 is an embedded software library used for isolating code, not a standalone internet-facing service or edge component. While it is utilized by applications that may process untrusted input, the library itself is an internal dependency typically nested within application code, rather than an exposed gateway, API, or service with direct public network reachability.

Horizon Alert

Summary of the vulnerability and why it matters

The vm2 Node.js sandbox has a critical vulnerability where attackers can manipulate core JavaScript prototypes from within the sandbox. This allows them to alter the behavior of applications that use vm2 for code isolation.

  • Compromise application logic.
  • Affects applications using the vm2 library.
  • Malicious code can escape the sandbox.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this by injecting malicious JavaScript code into a Node.js application that uses a vulnerable version of the `vm2` library. This allows them to break out of the sandbox and directly manipulate critical JavaScript object prototypes on the host system. Such manipulation can lead to widespread compromise by altering the behavior of fundamental language features for any code running in the environment.

  • Requires unauthenticated access.
  • Targets the `vm2` library.
  • Exploits prototype pollution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in vm2, a Node.js sandbox, allows for modification of host objects from within the sandbox, which could be leveraged by attackers. While the critical severity and potential for severe impact are concerning, the nature of vm2 as a library rather than a direct entry point might limit immediate widespread exploitation.

  • Exploitation is possible, but indirect.
  • No public exploits are observed.
  • Recency signal is weak.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize upgrading vm2 to version 3.11.0 to remediate this critical vulnerability, which allows code within a sandbox to mutate host prototypes. If immediate patching is not feasible, isolate or disable services utilizing vulnerable versions of vm2 to prevent potential exploitation.

  • Upgrade vm2 to 3.11.0.
  • Isolate or disable affected services.
  • Monitor for unexpected prototype mutations.

Frequently asked questions

What is vm2 and what is it used for?

vm2 is an open-source sandbox library for Node.js. It's designed to isolate and run untrusted JavaScript code, preventing it from accessing or affecting the host system. Developers use it to safely execute code from external sources or less trusted parts of an application.

What is the weakness in vm2 related to CVE-2026-44005?

The vulnerability in vm2, classified as CWE-94 (Code Injection) and CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes), stems from how it handles communication between the sandbox and the host. It incorrectly exposes mutable proxies that allow code inside the sandbox to alter fundamental JavaScript prototypes like Object.prototype, Array.prototype, and Function.prototype on the host.

How can an attacker exploit this vm2 vulnerability?

An attacker would need to run specially crafted JavaScript code within a vulnerable vm2 sandbox. This code would leverage the exposed mutable proxies to modify shared host prototypes. The vulnerability is not triggered by unauthenticated network access directly to the vm2 library itself, but rather by executing malicious code within an application that utilizes a vulnerable version of vm2.

Who should be concerned about the vm2 vulnerability?

Organizations using the vm2 Node.js library in their applications should be concerned. Although vm2 is typically an internal dependency, if the applications using it process untrusted input or are exposed to the internet, the potential for compromise is relevant. The Halo Surface Signal indicates this is unlikely to be an internet-facing service, suggesting the risk is more contained within internal application logic.

What is the first step to address the vm2 CVE-2026-44005 vulnerability?

The most effective first step is to upgrade the vm2 library to version 3.11.0 or later, as this version contains the fix for the vulnerability. If an immediate upgrade is not possible, consider isolating or disabling the specific services or components that rely on vulnerable versions of vm2 to mitigate the risk of exploitation.
