CVE Catalog
CVE-2026-44009
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk0.81%
52th percentile — higher than 52% of all known CVEs
Summary
A vulnerability in the vm2 library for Node.js allows sandbox escape. The issue is fixed in version 3.11.2.
Risk Assessment
An attacker can gain unauthorized access to the host operating system, leading to full compromise of the Node.js environment.
Recommendation
Immediately update the vm2 library to version 3.11.2 or later.
Original NVD description (English source)
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.

