CVE-2026-44005: vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape

May 7, 2026

vm2’s bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox.

References

github.com/advisories/GHSA-vwrp-x96c-mhwq
github.com/patriksimek/vm2
github.com/patriksimek/vm2/releases/tag/v3.11.0
github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq
nvd.nist.gov/vuln/detail/CVE-2026-44005

Code Behaviors & Features

Detect and mitigate CVE-2026-44005 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →