CVE-2026-44003— vm2: Transformer Fast-Path Bypass Exposes Internal State Variable
Possible ATT&CK Techniques 2AI
T1211 · Exploitation for Stealth T1059 · Command and Scripting InterpreterAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| patriksimek | vm2 | < 3.11.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44003
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vm2: Transformer Fast-Path Bypass Exposes Internal State Variable
Source: NVD (National Vulnerability Database)
Vulnerability Description
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL variable, which exposes internal security functions (handleException, wrapWith, import). This vulnerability is fixed in 3.11.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
保护机制失效
Source: NVD (National Vulnerability Database)
Vulnerability Title
vm2 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
vm2是捷克Patrik Simek个人开发者的一个 Node.js 的高级虚拟机/沙盒。以使用列入白名单的 Node 内置模块运行不受信任的代码。 vm2 3.11.0之前版本存在安全漏洞,该漏洞源于代码转换器的性能优化跳过了AST分析,允许沙箱代码直接访问内部VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL变量,暴露内部安全函数。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| patriksimek | vm2 | < 3.11.0 | - |
II. Public POCs for CVE-2026-44003
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44003
请登录查看更多情报信息。
- https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-44003
Same Patch Batch · patriksimek · 2026-05-13 · 14 CVEs total
| CVE-2026-43997 | 10.0 CRITICAL | vm2: Sandbox Escape |
| CVE-2026-44005 | 10.0 CRITICAL | vm2: Sandbox escape |
| CVE-2026-44006 | 10.0 CRITICAL | vm2: Sandbox Escape |
| CVE-2026-43999 | 9.9 CRITICAL | vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox |
| CVE-2026-45411 | 9.8 CRITICAL | vm2: Sandbox Breakout Using Async Generator |
| CVE-2026-44009 | 9.8 CRITICAL | vm2: Sandbox Breakout Through Null Proto Exception |
| CVE-2026-44008 | 9.8 CRITICAL | vm2: Snabox breakout via `neutralizeArraySpeciesBatch` |
| CVE-2026-44007 | 9.1 CRITICAL | vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS comman |
| CVE-2026-44001 | 8.6 HIGH | vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) |
| CVE-2026-43998 | 8.5 HIGH | vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape |
| CVE-2026-44004 | 7.5 HIGH | vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass) |
| CVE-2026-44000 | 6.5 MEDIUM | vm2: sandbox boundary bypass via host Promise resolution preserving host object identity |
| CVE-2026-44002 | 5.8 MEDIUM | vm2: Host File Path Disclosure via Stack Trace Information Leak |
IV. Related Vulnerabilities
Same product: vm2
Same vendor: patriksimek
V. Comments for CVE-2026-44003
No comments yet