vm2 NodeVM nesting sandbox escape leading to host command execution
CVE-2026-44007 is an improper access control flaw in vm2, the Node.js sandbox library. In vm2 versions up to and including 3.11.0, when a NodeVM is instantiated with nesting: true, code running inside the sandbox can unconditionally require('vm2') regardless of the outer NodeVM's require policy, including configurations explicitly set to require: false. Once the sandboxed code gains access to the vm2 module, it can instantiate a new inner NodeVM with attacker-controlled and less restrictive require settings, then use that inner VM to access dangerous modules and execute arbitrary operating system commands on the host. The issue is effectively a sandbox escape caused by insufficient enforcement of module access restrictions across nested NodeVM contexts.
Are you exposed to this one?
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
nesting: true enabled. The maintainer explicitly describes nesting: true as an escape hatch by design and warns it should not be enabled for untrusted code. Where immediate patching is not possible, disable nesting, avoid exposing vm2-backed execution to untrusted tenants, restrict host-level privileges of the Node.js process, and apply OS/container isolation so that a sandbox escape does not directly yield high-value host access.Remediation
Patch, then assume compromise.
new NodeVM({ nesting: true, require: false }) construction pattern. More broadly, users should move to the most recent maintained vm2 release available in their environment, as later releases also address additional sandbox escape issues.Exploits
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A sandbox escape in vm2 for Node.js that allows arbitrary OS command execution on the host when NodeVM is created with nesting: true, leading to full compromise of applications running untrusted code.
A critical vm2 improper access control vulnerability that enables sandbox escape and arbitrary operating system command execution on the host.
The version that knows your environment.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.