CVE-2026-44007: vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution

May 7, 2026

When a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM’s require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised.

References

github.com/advisories/GHSA-8hg8-63c5-gwmx
github.com/patriksimek/vm2
github.com/patriksimek/vm2/releases/tag/v3.11.1
github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx
nvd.nist.gov/vuln/detail/CVE-2026-44007

Code Behaviors & Features

Detect and mitigate CVE-2026-44007 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →