CVE-2026-44008: Critical vm2 Sandbox Escape in Node.js

The National Vulnerability Database has disclosed a critical vulnerability, CVE-2026-44008, affecting vm2, an open-source sandbox for Node.js. This flaw, present in versions prior to 3.11.2, allows attackers to bypass the sandbox’s isolation and execute arbitrary commands on the host system. The vulnerability stems from the neutralizeArraySpeciesBatch method, which can expose host objects into the sandbox via a getter on the array prototype, ultimately granting access to the host’s Function object.

This is a severe issue with a CVSS score of 9.8 (Critical), impacting any application that relies on vm2 for secure code execution within a sandboxed environment. The ability to escape the sandbox entirely means an attacker can transition from a contained, untrusted script to full system compromise. For developers and organizations using vm2, this isn’t just a bug; it’s a fundamental failure of the isolation mechanism.

Defenders must prioritize patching immediately. The fix is available in vm2 version 3.11.2. Any delay in applying this update leaves the underlying host system exposed to full remote code execution if an attacker can inject malicious code into the vm2 sandbox. This is a direct path to compromise, and organizations should assume exploitation is a matter of when, not if, for unpatched systems.

What This Means For You

  • If your applications use vm2, check your dependencies NOW. Prioritize upgrading to vm2 version 3.11.2 to mitigate CVE-2026-44008. Assume any untrusted code executed within an unpatched vm2 sandbox could lead to full host compromise. Audit your Node.js environments for vm2 usage and patch immediately.

🛡️ Detection Rules

3 detection rules were auto-generated for this incident and mapped to MITRE ATT&CK; one of them is reproduced below as Sigma YAML.

Severity: critical · ATT&CK: T1068 Privilege Escalation
title: vm2 Sandbox Escape via neutralizeArraySpeciesBatch - CVE-2026-44008
id: scw-2026-05-13-ai-1
status: experimental
level: critical
description: |
  Detects the execution of Node.js processes that appear to be leveraging the vm2 library and specifically the 'neutralizeArraySpeciesBatch' function, which is the entry point for the sandbox escape in CVE-2026-44008. This indicates an attempt to exploit the vulnerability to gain host system access.
author: SCW Feed Engine (AI-generated)
date: 2026-05-13
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-44008/
tags:
  - attack.privilege_escalation
  - attack.t1068
logsource:
  category: process_creation
detection:
  selection:
    # 'node.exe' only matches Windows hosts; on Linux/macOS the image is typically 'node'
    Image|contains:
      - 'node.exe'
    # '|all' requires both strings on the command line; a plain '|contains' list is OR-semantics
    CommandLine|contains|all:
      - 'vm2'
      - 'neutralizeArraySpeciesBatch'
  # condition sits at the detection level, not inside the selection map
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World

Indicators of Compromise

ID | Type | Indicator
CVE-2026-44008 | RCE | vm2 Node.js sandbox prior to version 3.11.2
CVE-2026-44008 | Sandbox Escape | vm2 neutralizeArraySpeciesBatch method
CVE-2026-44008 | Information Disclosure | vm2 exposing host objects into the sandbox via array prototype getter

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 13, 2026 at 21:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
