Twelve critical vm2 sandbox escapes expose Node.js hosts to RCE
Original source: vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution (The Hacker News)

Researchers disclosed twelve critical vulnerabilities in vm2, the popular Node.js library used to run untrusted JavaScript inside a proxied sandbox. Every flaw carries a CVSS score of 9.1 or higher, with three rated 10.0, and all of them ultimately let attacker-controlled code break out of the sandbox and execute arbitrary commands on the host. The escape techniques abuse a wide range of JavaScript internals — lookupGetter, promise species, SuppressedError, Symbol-to-string coercion, BaseHandler.getPrototypeOf, NodeVM allowlist bypasses, and null-proto exceptions among them.
Patches are spread across versions 3.10.5, 3.11.0, 3.11.1, and 3.11.2, meaning anything below 3.11.2 is exposed to at least one of the disclosed bypasses. CVE-2026-43999 in particular sidesteps the built-in allowlist and reaches child_process, and CVE-2026-44005 turns sandbox escape into prototype pollution, both pathways to full remote code execution.
The drumbeat of new escapes — following CVE-2026-22709 just weeks earlier — reinforces what the maintainer has already conceded: securely isolating untrusted code inside the same V8 process is a losing game. Workloads that genuinely run hostile JavaScript belong in OS- or VM-level isolation (isolated-vm, workerd, gVisor, microVMs), not a userland proxy. Anyone still on vm2 should pin to 3.11.2 immediately and plan a migration off the library.
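Because the patches are spread across several releases and vm2 is often pulled in transitively, the practical first step is finding every installed copy and comparing it against 3.11.2. The script below is an added example, not code from the article or from the vm2 project: it walks a parsed package-lock.json (lockfile v1, v2 and v3 layouts) and reports each vm2 entry below the patched version. The cutoff 3.11.2 comes from the summary; the sample lockfile, the package name `some-plugin`, and the function names are constructed for illustration.

```javascript
// Added example (not from the article or the vm2 project): report vm2 installs
// in an npm lockfile that are older than the patched release the summary names.

const FIXED_VM2_VERSION = "3.11.2"; // cutoff taken from the summary

// Numeric "major.minor.patch" comparison; a prerelease tag sorts before the
// release it precedes (3.11.2-beta < 3.11.2). Returns -1, 0 or 1.
function compareSemver(a, b) {
  const parse = (v) => {
    const [core, pre] = v.replace(/^v/, "").split("-", 2);
    const nums = core.split(".").map((n) => parseInt(n, 10) || 0);
    while (nums.length < 3) nums.push(0);
    return { nums, pre: pre ?? null };
  };
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;  // release beats any prerelease
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : pa.pre > pb.pre ? 1 : 0;
}

// Walk a parsed package-lock.json and return every vm2 entry below `fixed`.
// lockfileVersion 2/3 keep a flat "packages" map keyed by install path;
// lockfileVersion 1 keeps a nested "dependencies" tree. v2 has both, so the
// nested tree is only walked when "packages" is absent, avoiding duplicates.
function findVulnerableVm2(lock, fixed = FIXED_VM2_VERSION) {
  const findings = [];
  const record = (path, version) => {
    if (version && compareSemver(version, fixed) < 0) {
      findings.push({ path, version });
    }
  };
  for (const [path, meta] of Object.entries(lock.packages ?? {})) {
    if (path === "node_modules/vm2" || path.endsWith("/node_modules/vm2")) {
      record(path, meta.version);
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps ?? {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "vm2") record(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return findings;
}

// Constructed sample: a v3 lockfile whose top-level vm2 is patched but which
// also carries a vulnerable nested copy under a hypothetical dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.11.2" },
    "node_modules/some-plugin": { version: "2.0.0" },
    "node_modules/some-plugin/node_modules/vm2": { version: "3.9.19" },
  },
};

function main() {
  const hits = findVulnerableVm2(SAMPLE_LOCK);
  if (hits.length === 0) {
    console.log(`no vm2 below ${FIXED_VM2_VERSION} found`);
    return 0;
  }
  for (const h of hits) console.log(`vulnerable vm2 ${h.version} at ${h.path}`);
  return 1; // non-zero so a CI step fails on any hit
}

if (typeof require !== "undefined" && require.main === module) {
  process.exitCode = main();
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; the nested-copy case is the one worth checking, since a patched top-level vm2 says nothing about copies that other dependencies pin underneath themselves.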
This is an AI-generated summary; read the original article at The Hacker News for the full story.