Description
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects and get the host Function object. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This vulnerability is fixed in 3.11.2.
Published: 2026-05-13
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

vm2 is an open source sandbox for Node.js that relies on a function called neutralizeArraySpeciesBatch to isolate array behavior. In versions before 3.11.2 the method can pick up objects from the surrounding environment and, through a getter on the array prototype, expose host objects back into the VM. An attacker who can inject code into the VM can therefore obtain the host Function object and execute arbitrary code on the underlying system. This is a classic container escape that directly compromises confidentiality, integrity and availability of the host.

Affected Systems

The library patriksimek:vm2 is affected when its installed version is older than 3.11.2. All releases prior to 3.11.2 contain the susceptible implementation of neutralizeArraySpeciesBatch and therefore allow the described escape.

Risk and Exploitability

The vulnerability has a CVSS score of 9.8, reflecting a high exploitation potential. The EPSS score is not available, but the lack of a listing in the CISA KEV catalog does not mitigate the severity. An attacker must first be able to execute code inside the vm2 sandbox – a scenario common in untrusted package execution or compromised build pipelines – and then invoke the vulnerable method to break out. If achieved, the attacker can run host commands with the privileges of the Node.js process.

Generated by OpenCVE AI on May 13, 2026 at 19:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the vm2 library to version 3.11.2 or later, which removes the vulnerable neutralizeArraySpeciesBatch implementation.
  • If an immediate upgrade is not possible, eliminate or replace any calls to neutralizeArraySpeciesBatch in your code and avoid exposing host objects to the sandbox.
  • Implement strong isolation for the VM environment, such as running the process in a sandboxed container or with limited user privileges, to reduce the impact if an escape occurs.

Generated by OpenCVE AI on May 13, 2026 at 19:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-9qj6-qjgg-37qq vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`
History

Thu, 14 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 14 May 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Vm2 Project
Vm2 Project vm2
CPEs cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*
Vendors & Products Vm2 Project
Vm2 Project vm2

Wed, 13 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Patriksimek
Patriksimek vm2
Vendors & Products Patriksimek
Patriksimek vm2

Wed, 13 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects and get the host Function object. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This vulnerability is fixed in 3.11.2.
Title vm2: Snabox breakout via `neutralizeArraySpeciesBatch`
Weaknesses CWE-668
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Patriksimek Vm2
Vm2 Project Vm2
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T03:55:58.336Z

Reserved: 2026-05-04T21:24:36.505Z

Link: CVE-2026-44008

cve-icon Vulnrichment

Updated: 2026-05-14T18:21:37.427Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-13T18:16:17.667

Modified: 2026-05-14T15:17:59.563

Link: CVE-2026-44008

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T20:00:04Z

Weaknesses