PT-2026-38396 · Npm · Vm2
Hongancalif · Published 2026-05-07 · Updated 2026-06-04
CVE-2026-44005
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
vm2 versions 3.9.6 through 3.10.5
Description
The bridge in vm2 exposes mutable proxies for host-realm intrinsic prototypes and forwards sandbox writes into underlying host objects using otherReflectSet() and otherReflectDefineProperty(). This allows attacker-controlled JavaScript running in a default VM or inherited NodeVM to mutate shared host Object.prototype, Array.prototype, and Function.prototype from within the sandbox, leading to prototype pollution and sandbox escape. The issue occurs because BaseHandler.apply() invokes host functions that can surface a prototype getter, and BaseHandler.get() allows an attacker to reuse the host __lookupGetter__('__proto__') accessor to reach host prototypes. Subsequently, BaseHandler.set() and BaseHandler.defineProperty() write attacker-controlled data directly into shared host objects.
Recommendations
Update to version 3.11.0.
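To find out whether a project still resolves a vm2 release in the affected range, the following added example (not part of the original advisory or of the vm2 project) scans the packages map of an npm package-lock.json, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration, and a lockfileVersion 2 or 3 layout is assumed.

```javascript
// Affected range from this advisory: vm2 3.9.6 through 3.10.5 (fixed in 3.11.0).
const AFFECTED_MIN = [3, 9, 6];
const AFFECTED_MAX = [3, 10, 5];

// Parse "major.minor.patch"; a prerelease/build suffix is ignored (conservative).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison of two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version lies inside the inclusive affected range.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false; // unparseable entries need manual review
  return compareVersions(v, AFFECTED_MIN) >= 0 && compareVersions(v, AFFECTED_MAX) <= 0;
}

// Walk the lockfile's "packages" map (assumes lockfileVersion 2 or 3) and
// return every vm2 install, top-level or nested, whose version is affected.
function findAffectedVm2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/vm2$/.test(path) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample; in practice pass JSON.parse of the real package-lock.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.11.0" },
    "node_modules/some-plugin/node_modules/vm2": { version: "3.9.19" },
    "node_modules/vm2-helper": { version: "3.10.0" },
  },
};

console.log(findAffectedVm2(sampleLock));
```

A nested hit means a transitive dependency pins the old release, so updating the top-level vm2 entry alone does not remove it.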
Exploit
Fix
Code Injection
Prototype Pollution
Related Identifiers
Affected Products
Vm2