Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
CriticalPublic exploit

vm2 sandbox escape via neutralizeArraySpeciesBatch

IdentifiersCVE-2026-44008CWE-668· Exposure of Resource to Wrong Sphere

CVE-2026-44008 is a critical sandbox escape vulnerability in vm2, the Node.js VM/sandbox library. In vm2 versions prior to 3.11.2, the method neutralizeArraySpeciesBatch improperly handles objects originating from the opposite side of the sandbox boundary. Because the vulnerable logic can invoke a getter on the array prototype across that boundary, host-side objects can be exposed into the sandbox context. An attacker can leverage this cross-boundary object exposure to obtain host objects, recover the host Function constructor, break out of the vm2 sandbox, and then execute arbitrary commands on the underlying host system.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation results in complete sandbox escape. An attacker executing untrusted JavaScript inside a vulnerable vm2 instance can gain access to host-side objects and the host Function object, which enables arbitrary code execution on the host. The practical impact is full compromise of confidentiality, integrity, and availability of the host environment running vm2 workloads.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, do not run untrusted code in affected vm2 versions. Reduce exposure by isolating execution in stronger containment boundaries outside the JavaScript sandbox itself, such as dedicated containers or microVM-based isolation, and restrict host privileges available to the vm2 process. These are compensating controls only; the definitive fix is upgrading to 3.11.2 or later.

Remediation

Patch, then assume compromise.

Upgrade vm2 to version 3.11.2 or later. The provided content states the vulnerability is fixed in vm2 3.11.2.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Vm2 ProjectVm2application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app
cvefeed high severityNews
May 13, 2026
CVE-2026-44008 - vm2: Snabox breakout via `neutralizeArraySpeciesBatch`

A sandbox escape vulnerability in vm2 for Node.js that allows attackers to obtain host objects and the host Function object, leading to arbitrary command execution on the host system.

Read more
cyber security newsNews
May 7, 2026
Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution Attacks

A critical unpatched vm2 sandbox escape vulnerability that abuses array species handling and exception logic to expose host-side objects and regain access to the host Function constructor.

Read more
the hacker newsNews
May 7, 2026
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

A critical vm2 sandbox escape vulnerability via neutralizeArraySpeciesBatch() that permits arbitrary command execution on the host.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-44008
NVD
nvd.nist.gov/vuln/detail/CVE-2026-44008
MITRE CWE · CWE-668
Exposure of Resource to Wrong Sphere
Vendor Advisory
github.com/patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq