CVE-2026-44009

Exploit

vm2: Sandbox Breakout Through Null Proto Exception

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2,  This vulnerability is fixed in 3.11.2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vm2 Project ≫ Vm2 SwPlatformnode.js Version < 3.11.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.61%	0.447

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm

Vendor Advisory

Exploit

CVE Source (NVD)

CVE Source (JSON)

EUVD

Team-orientierte Vulnerability Management Plattform