
vm2 Node.js Library Vulnerabilities Allow Sandbox Escape and Arbitrary Code Execution

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by threat actors to break out of the sandbox and execute arbitrary code on vulnerable systems.

vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox; it intercepts and proxies JavaScript objects to prevent sandboxed code from reaching the host environment.

The security flaws are listed below –

  • CVE-2026-24118 (CVSS score: 9.8) – A vulnerability that allows sandbox escape via “__lookupGetter__” and lets an attacker run arbitrary code on the underlying host. (Affects versions <= 3.10.4, patched in 3.11.0)
  • CVE-2026-24120 (CVSS score: 9.8) – A patch bypass for CVE-2023-37466 (CVSS score: 9.8) that could allow attackers to escape the sandbox via the species property of promise objects and execute arbitrary commands on the underlying host. (Affects versions <= 3.10.3, patched in 3.10.5)
  • CVE-2026-24781 (CVSS score: 9.8) – A vulnerability that allows sandbox escape via the “inspect” function and lets an attacker run arbitrary code on the underlying host. (Affects versions <= 3.10.3, patched in 3.11.0)
  • CVE-2026-26332 (CVSS score: 9.8) – A vulnerability that allows sandbox escape via “SuppressedError” and lets an attacker run arbitrary code on the underlying host. (Affects versions <= 3.10.4, patched in 3.11.0)
  • CVE-2026-26956 (CVSS score: 9.8) – A protection mechanism failure vulnerability that allows sandbox escape with arbitrary code execution by triggering a TypeError produced by Symbol-to-string coercion. (Affects version 3.10.4, confirmed on Node.js 25.6.1, patched in 3.10.5)
  • CVE-2026-43997 (CVSS score: 10.0) – A code injection vulnerability that allows an attacker to obtain the host Object and escape the sandbox, leading to arbitrary code execution. (Affects versions <= 3.10.5, patched in 3.11.0)
  • CVE-2026-43999 (CVSS score: 9.9) – A vulnerability that allows a bypass of NodeVM’s built-in allowlist and lets an attacker load excluded builtins such as child_process and achieve remote code execution. (Affects version 3.10.5, patched in 3.11.0)
  • CVE-2026-44005 (CVSS score: 10.0) – A vulnerability that allows attacker-controlled JavaScript to escape the sandbox and enable prototype pollution. (Affects versions 3.9.6-3.10.5, patched in 3.11.0)
  • CVE-2026-44006 (CVSS score: 10.0) – A code injection vulnerability via “BaseHandler.getPrototypeOf” that allows sandbox escape and remote code execution. (Affects versions <= 3.10.5, patched in 3.11.0)
  • CVE-2026-44007 (CVSS score: 9.1) – An improper access control vulnerability that allows sandbox escape and execution of arbitrary operating system commands on the underlying host. (Affects versions <= 3.11.0, patched in 3.11.1)
  • CVE-2026-44008 (CVSS score: 9.8) – A vulnerability that allows sandbox escape via “neutralizeArraySpeciesBatch()” and lets an attacker execute arbitrary commands on the underlying host. (Affects versions <= 3.11.1, patched in 3.11.2)
  • CVE-2026-44009 (CVSS score: 9.8) – A vulnerability that allows sandbox escape via a null proto exception and lets an attacker execute arbitrary commands on the underlying host. (Affects versions <= 3.11.1, patched in 3.11.2)

The disclosure comes a few months after vm2 maintainer Patrik Simek released patches for another critical sandbox escape flaw (CVE-2026-22709, CVSS score: 9.8) that could lead to arbitrary code execution on the underlying host system.

The string of newly identified sandbox escapes illustrates the difficulty of securely isolating untrusted code in JavaScript-based sandbox environments, with Simek having previously acknowledged that new bypasses will likely be found in the future. Users of vm2 are advised to update to the latest version (3.11.2) for optimal protection.
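Because the affected ranges above differ from one CVE to the next (some cover every release up to a cutoff, others a single version or a bounded span), a defender triaging dependency inventories needs more than a "less than 3.11.2" test to know which advisories apply. The following Node.js script is an added example, not code from the article or from the vm2 project: it transcribes the affected ranges from the list above into a table, compares a version against each range with a small semver comparison, and can pull the installed version out of a `package.json` text (the sample `package.json` content is constructed for the example).

```javascript
// Added example (not from the article or vm2): map an installed vm2 version to
// the advisories listed in the article and flag whether it meets the 3.11.2
// recommendation. Ranges are transcribed from the article's list; "0.0.0" as a
// lower bound stands for "every release up to the cutoff" (<= X).
const ADVISORIES = [
  { id: 'CVE-2026-24118', min: '0.0.0',  max: '3.10.4', fixed: '3.11.0' },
  { id: 'CVE-2026-24120', min: '0.0.0',  max: '3.10.3', fixed: '3.10.5' },
  { id: 'CVE-2026-24781', min: '0.0.0',  max: '3.10.3', fixed: '3.11.0' },
  { id: 'CVE-2026-26332', min: '0.0.0',  max: '3.10.4', fixed: '3.11.0' },
  { id: 'CVE-2026-26956', min: '3.10.4', max: '3.10.4', fixed: '3.10.5' },
  { id: 'CVE-2026-43997', min: '0.0.0',  max: '3.10.5', fixed: '3.11.0' },
  { id: 'CVE-2026-43999', min: '3.10.5', max: '3.10.5', fixed: '3.11.0' },
  { id: 'CVE-2026-44005', min: '3.9.6',  max: '3.10.5', fixed: '3.11.0' },
  { id: 'CVE-2026-44006', min: '0.0.0',  max: '3.10.5', fixed: '3.11.0' },
  { id: 'CVE-2026-44007', min: '0.0.0',  max: '3.11.0', fixed: '3.11.1' },
  { id: 'CVE-2026-44008', min: '0.0.0',  max: '3.11.1', fixed: '3.11.2' },
  { id: 'CVE-2026-44009', min: '0.0.0',  max: '3.11.1', fixed: '3.11.2' },
];

// Version the article recommends as the current fixed release.
const RECOMMENDED_VERSION = '3.11.2';

// Parse "major.minor.patch" (an optional leading "v" and any pre-release or
// build suffix are tolerated but ignored). Throws on anything else so that a
// malformed lockfile entry is reported rather than silently treated as safe.
function parseVersion(s) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(s).trim());
  if (!m) throw new Error(`not a semver version: ${JSON.stringify(s)}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric, component-wise comparison: -1, 0 or 1. A plain string comparison
// would rank "3.9.6" above "3.10.5", which is exactly the mistake to avoid.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// IDs of the advisories whose affected range contains `version`.
function affectingAdvisories(version) {
  return ADVISORIES
    .filter(a => compareVersions(version, a.min) >= 0 &&
                 compareVersions(version, a.max) <= 0)
    .map(a => a.id);
}

// Summary a dependency-audit job can act on.
function assessVm2Version(version) {
  return {
    version,
    affected: affectingAdvisories(version),
    meetsRecommendation: compareVersions(version, RECOMMENDED_VERSION) >= 0,
  };
}

// Extract the version from the text of node_modules/vm2/package.json. Takes
// the text rather than a path so it can be used on lockfile dumps or CI
// artifacts as well as on a live checkout. Returns null if it is not vm2.
function vm2VersionFromPackageJson(text) {
  const pkg = JSON.parse(text);
  if (pkg.name !== 'vm2' || typeof pkg.version !== 'string') return null;
  return pkg.version;
}

// Constructed sample package.json content, standing in for a real install.
const SAMPLE_PACKAGE_JSON = '{"name":"vm2","version":"3.10.4","main":"index.js"}';

const sampleVersion = vm2VersionFromPackageJson(SAMPLE_PACKAGE_JSON);
console.log(JSON.stringify(assessVm2Version(sampleVersion), null, 2));
```

In a real audit the `package.json` text would come from `node_modules/vm2/package.json` in each project (or from the equivalent entry in a lockfile), and any result with a non-empty `affected` list or `meetsRecommendation: false` would fail the build. Keep the table in step with the project's advisories as new releases appear; the article itself notes that further bypasses are expected.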
