Description
vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox This vulnerability is fixed in 3.11.0.
Published: 2026-05-13
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

vm2, an open source sandbox for Node.js, contains a flaw that allows code running in a default or inherited NodeVM to mutate shared host prototypes such as Object.prototype, Array.prototype, and Function.prototype. The vulnerability arises from mutable proxies exposed by the bridge and the use of otherReflectSet and otherReflectDefineProperty to forward sandbox writes to host objects. An attacker controlling JavaScript in the sandbox can therefore alter fundamental JavaScript behavior in the host environment, potentially enabling arbitrary code execution or other privilege escalation within the host process.

Affected Systems

The affected product is vm2 version 3.9.6 through 3.10.5, distributed by patriksimek. The vulnerability is present in these releases and has been addressed in version 3.11.0. Any deployment of vm2 within this range without an upgrade is susceptible.

Risk and Exploitability

The CVSS score of 10 indicates critical severity, and the EPSS score is not available but the vulnerability is not listed in the CISA KEV catalog. A likely attack vector is an application that supplies attacker-controlled JavaScript to a default VM or inherits a NodeVM, thereby exploiting the bridge to modify host prototypes. Because the flaw permits direct mutation of the host environment, exploitation can lead to full host process compromise if not mitigated.

Generated by OpenCVE AI on May 13, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade vm2 to version 3.11.0 or later to remove the bridge vulnerability.
  • If upgrading is not immediately possible, avoid using default NodeVM instances that expose the bridge, or isolate vm2 runs in a separate process to contain potential prototype modifications.
  • Implement runtime checks or monitoring to detect unexpected changes to Object.prototype, Array.prototype, or Function.prototype, and trigger alerts or process termination if such modifications are observed.

Generated by OpenCVE AI on May 13, 2026 at 19:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-vwrp-x96c-mhwq vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape
History

Fri, 15 May 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 14 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 14 May 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Vm2 Project
Vm2 Project vm2
CPEs cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*
Vendors & Products Vm2 Project
Vm2 Project vm2

Wed, 13 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Patriksimek
Patriksimek vm2
Vendors & Products Patriksimek
Patriksimek vm2

Wed, 13 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox This vulnerability is fixed in 3.11.0.
Title vm2: Sandbox escape
Weaknesses CWE-1321
CWE-94
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H'}

Subscriptions

Patriksimek Vm2
Vm2 Project Vm2
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T09:58:06.914Z

Reserved: 2026-05-04T21:24:36.505Z

Link: CVE-2026-44005

cve-icon Vulnrichment

Updated: 2026-05-14T15:37:49.761Z

cve-icon NVD

Status : Modified

Published: 2026-05-13T18:16:17.257

Modified: 2026-05-14T16:16:23.313

Link: CVE-2026-44005

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T20:00:04Z

Weaknesses