CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-44005 – vm2: Sandbox escape
https://notcve.org/view.php?id=CVE-2026-44005
13 May 2026 — vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate the shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox. This vulnerability is fixed in 3.11... • https://github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-44007 – vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution
https://notcve.org/view.php?id=CVE-2026-44007
13 May 2026 — vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration, including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. • https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx • CWE-284: Improper Access Control
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-44006 – vm2: Sandbox Escape
https://notcve.org/view.php?id=CVE-2026-44006
13 May 2026 — vm2 is an open source vm/sandbox for Node.js. • https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-44001 – vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)
https://notcve.org/view.php?id=CVE-2026-44001
13 May 2026 — vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. • https://github.com/patriksimek/vm2/security/advisories/GHSA-hw58-p9xv-2mjh • CWE-248: Uncaught Exception
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-44000 – vm2: sandbox boundary bypass via host Promise resolution preserving host object identity
https://notcve.org/view.php?id=CVE-2026-44000
13 May 2026 — vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox .then() callback preserves host identity. This allows the sandbox to interact with the host object directly, including performing identity checks using host-side Weak... • https://github.com/patriksimek/vm2/security/advisories/GHSA-mpf8-4hx2-7cjg • CWE-693: Protection Mechanism Failure
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-43999 – vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox escape
https://notcve.org/view.php?id=CVE-2026-43999
13 May 2026 — vm2 is an open source vm/sandbox for Node.js. • https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8 • CWE-863: Incorrect Authorization
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-43998 – vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape
https://notcve.org/view.php?id=CVE-2026-43998
13 May 2026 — vm2 is an open source vm/sandbox for Node.js. • https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-43997 – vm2: Sandbox Escape
https://notcve.org/view.php?id=CVE-2026-43997
13 May 2026 — vm2 is an open source vm/sandbox for Node.js. ... There are various ways to use the host Object to escape the sandbox; one example is using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). • https://github.com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-45227 – Heym < 0.0.21 Sandbox Escape via Python Introspection
https://notcve.org/view.php?id=CVE-2026-45227
12 May 2026 — Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. • https://www.vulncheck.com/advisories/heym-sandbox-escape-via-python-introspection • CWE-693: Protection Mechanism Failure
CVSS: 4.7 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-5061 – Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
https://notcve.org/view.php?id=CVE-2026-5061
12 May 2026 — The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. • https://discuss.hashicorp.com/t/hcsec-2026-12-consul-template-vulnerable-to-sandbox-path-bypass-in-file-helper-through-symlink-attack/77414 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
