CVE-2026-44000 Overview
CVE-2026-44000 is a sandbox boundary violation in vm2, an open source virtual machine and sandbox library for Node.js. The flaw exists in versions prior to 3.11.0 and allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise resolves to a host object and is exposed to the sandbox, the value delivered to the sandbox .then() callback preserves host identity. Sandboxed code can then interact with the host object directly, perform identity checks using host-side WeakMap, and mutate host object state. The vulnerability is categorized under [CWE-693] Protection Mechanism Failure and is fixed in vm2 version 3.11.0.
Critical Impact
Sandboxed JavaScript can reach across the sandbox boundary, read and mutate host objects, and undermine the isolation guarantees that consumers of vm2 rely on for executing untrusted code.
Affected Products
- vm2 versions prior to 3.11.0
- Node.js applications embedding vm2 for untrusted code execution
- Downstream packages bundling vulnerable vm2 releases
Discovery Timeline
- 2026-05-13 - CVE-2026-44000 published to NVD
- 2026-05-14 - Last updated in NVD database
Technical Details for CVE-2026-44000
Vulnerability Analysis
The vm2 library establishes a separate JavaScript realm to execute untrusted code while exposing controlled bindings to host objects. Cross-realm value transitions are normally routed through a conversion pipeline that wraps host objects in proxies before delivery to the sandbox.
The Promise fulfillment path bypasses this conversion. When a host Promise resolves to a host object and the sandbox subscribes via .then(), the resolved value reaches the sandbox callback without proxy wrapping. The sandbox then receives a direct reference to the host object, breaking isolation.
Attacker-controlled code inside the sandbox can use this reference to invoke host methods, mutate host-managed state, and probe host-side WeakMap instances by identity. These capabilities form a primitive for further escapes when the host exposes any Promise-returning API.
Root Cause
The fulfillment wrapper for host Promises calls ensureThis() rather than the stronger cross-realm conversion functions from() or proxy wrapping. ensureThis() looks up a prototype mapping for the resolved value, and if no mapping is found, it returns the original object unchanged. As a result, plain host objects without a registered prototype mapping pass through unwrapped.
Attack Vector
Exploitation requires the host to expose a Promise-returning function, or any value chain that resolves to a host object, to the sandboxed context. The sandbox attaches a .then() handler, receives the unwrapped host object inside the callback, and proceeds to interact with host state. No special privileges or user interaction are needed beyond the ability to execute JavaScript inside the sandbox.
The vulnerability mechanism is described in the GitHub Security Advisory GHSA-mpf8-4hx2-7cjg. No public proof-of-concept exploit code is referenced in the advisory.
Detection Methods for CVE-2026-44000
Indicators of Compromise
- Presence of vm2 versions earlier than 3.11.0 in package.json, package-lock.json, or yarn.lock files.
- Sandbox scripts that attach .then() handlers to host-provided Promises returning non-primitive values.
- Unexpected mutations of host-side objects or state after running untrusted scripts inside vm2.
Detection Strategies
- Run software composition analysis across Node.js projects to flag any direct or transitive dependency on vm2 < 3.11.0.
- Audit application code for host APIs that expose Promises resolving to objects, classes, or WeakMap-backed registries to the sandbox.
- Review runtime logs for sandbox executions that touch host-side methods or trigger host-state changes outside expected workflows.
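The composition-analysis check above, as an added example (not part of the advisory or the vm2 project): it walks both npm lockfile layouts and reports every copy of vm2 below the fixed release. The lockfile object is constructed sample data, and the version comparison is a plain dotted-number compare that ignores prerelease tags (an assumption).

```javascript
// Added example: flag vm2 < 3.11.0 anywhere in an npm lockfile, including
// nested (transitive) copies. SAMPLE_LOCK is constructed, not a real project.

const FIXED_VERSION = '3.11.0';

// Turn "3.9.19" (or "^3.9.19", "3.9.19-beta") into [3, 9, 19].
// Assumption: prerelease suffixes are dropped for the purpose of this check.
function parseVersion(v) {
  return v.replace(/^[^\d]*/, '').split('-')[0].split('.').map((n) => parseInt(n, 10) || 0);
}

function isOlderThan(version, reference) {
  const a = parseVersion(version);
  const b = parseVersion(reference);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] || 0;
    const y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// lockfileVersion 2/3 keep a flat "packages" map keyed by install path;
// lockfileVersion 1 keeps nested "dependencies". Both are handled here.
function findVulnerableVm2(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const isVm2 = path === 'node_modules/vm2' || path.endsWith('/node_modules/vm2');
    if (isVm2 && entry.version && isOlderThan(entry.version, FIXED_VERSION)) {
      hits.push({ path, version: entry.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'vm2' && entry.version && isOlderThan(entry.version, FIXED_VERSION)) {
        hits.push({ path, version: entry.version });
      }
      walk(entry.dependencies, `${path}/`); // recurse into nested copies
    }
  };
  if (!lock.packages) walk(lock.dependencies, ''); // v1 layout only
  return hits;
}

// Constructed sample: a vulnerable top-level vm2 plus a patched nested copy.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '1.0.0' },
  'node_modules/vm2': { version: '3.9.19' },
  'node_modules/some-runner': { version: '2.0.0' },
  'node_modules/some-runner/node_modules/vm2': { version: '3.11.0' },
} };

console.log(findVulnerableVm2(SAMPLE_LOCK)); // [{ path: 'node_modules/vm2', version: '3.9.19' }]
```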
Monitoring Recommendations
- Track CI/CD build manifests and container images for vulnerable vm2 releases and block promotion until upgraded.
- Instrument host bridge functions to log object identity crossings and alert on unexpected Promise returns to the sandbox.
- Monitor process-level behavior of services that execute untrusted JavaScript for unusual file, network, or child process activity.
How to Mitigate CVE-2026-44000
Immediate Actions Required
- Upgrade vm2 to version 3.11.0 or later in all Node.js applications and rebuild dependent artifacts.
- Inventory transitive dependencies and pin minimum versions in package.json to prevent regression to vulnerable releases.
- Treat vm2 sandboxes as defense-in-depth only and isolate untrusted code execution at the process or container level.
Patch Information
The maintainers of vm2 released version 3.11.0, which routes Promise fulfillment values through the cross-realm conversion path that performs proxy wrapping. See the vm2 GitHub Security Advisory for the full patch notes.
Workarounds
- Avoid exposing host Promises that resolve to non-primitive host objects to the sandbox until the upgrade is applied.
- Wrap any host Promise manually so that the resolved value is a primitive or a pre-serialized clone before it reaches sandboxed .then() callbacks.
- Run vm2-hosting services inside hardened containers with seccomp, read-only file systems, and minimal network egress to contain post-escape activity.
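The manual-wrapping workaround from the list above, as an added example that is neither the advisory's nor vm2's own code: a host Promise is never handed to the sandbox as-is; its fulfillment value is first reduced to a primitive or a detached plain-data clone, so no host object identity can reach a sandboxed .then() callback. The WeakMap registry and config object are constructed demo values.

```javascript
// Added example: sanitize what a host Promise resolves to before a sandbox can
// observe it. Only primitives and plain data cross; functions and class
// instances are refused rather than leaked with host identity intact.

function isPlainObject(value) {
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Deep-copy plain objects/arrays; `seen` keeps cycles intact inside the clone.
function toSandboxSafe(value, seen = new WeakMap()) {
  if (typeof value === 'function') {
    throw new TypeError('host function cannot cross into the sandbox');
  }
  if (value === null || typeof value !== 'object') return value; // primitive
  if (seen.has(value)) return seen.get(value);
  if (Array.isArray(value)) {
    const out = [];
    seen.set(value, out);
    for (const item of value) out.push(toSandboxSafe(item, seen));
    return out;
  }
  if (!isPlainObject(value)) {
    // Date, Map, class instances, etc.: a shallow copy would drop behaviour and
    // passing them through would reintroduce the identity leak, so refuse.
    throw new TypeError(`refusing to expose host ${value.constructor?.name || 'object'}`);
  }
  const out = {};
  seen.set(value, out);
  for (const key of Object.keys(value)) out[key] = toSandboxSafe(value[key], seen);
  return out;
}

// Wrap a host Promise so the sandbox only ever sees the sanitized result.
function bridgeHostPromise(hostPromise) {
  return Promise.resolve(hostPromise).then(toSandboxSafe);
}

// Constructed demo: a host-side WeakMap registry whose identities must not leak.
const registry = new WeakMap();
const hostConfig = { name: 'worker', limits: { cpu: 2 } };
registry.set(hostConfig, 'host-only record');

bridgeHostPromise(Promise.resolve(hostConfig)).then((v) => {
  // Structurally equal but a distinct identity: registry probes fail and
  // mutations made on the sandbox side never reach hostConfig.
  v.limits.cpu = 999;
  console.log(registry.has(v), hostConfig.limits.cpu); // false 2
});
```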
# Upgrade vm2 to the patched release
npm install vm2@^3.11.0 --save
npm audit --production
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.