Critical Sandbox Escape Vulnerabilities Disclosed in vm2 Node.js Library
Twelve critical vulnerabilities in the widely used vm2 Node.js library allow attackers to escape sandboxed environments and execute arbitrary code on host systems.

A series of 12 critical vulnerabilities have been disclosed in the popular Node.js sandboxing library vm2, allowing attackers to bypass security boundaries and execute arbitrary code on host systems. The library, which sees over 1.3 million weekly downloads on npm, is designed to isolate untrusted JavaScript code by intercepting and proxying objects to prevent access to sensitive host environment APIs like child_process or the filesystem The Hacker News BleepingComputer.
The vulnerabilities, which carry CVSS scores ranging from 9.1 to 10.0, primarily involve sandbox escape techniques. Attackers exploit these flaws to leak host-side objects into the sandboxed environment, subsequently abusing constructor chains to regain access to internal Node.js objects. For instance, CVE-2026-26956 allows an attacker to trigger a TypeError via Symbol-to-string coercion, bypassing vm2's JavaScript-level defenses by leveraging WebAssembly exception handling within the V8 engine The Hacker News BleepingComputer.
Other identified flaws utilize a variety of vectors to achieve similar outcomes. CVE-2026-24118 exploits __lookupGetter__, while CVE-2026-24781 uses the inspect function to facilitate escapes. Additional vulnerabilities, such as CVE-2026-43999, allow attackers to bypass NodeVM’s built-in allowlist to load restricted built-ins, and CVE-2026-44005 enables prototype pollution The Hacker News. The sheer volume of these flaws highlights the inherent difficulty of maintaining a secure sandbox environment within the JavaScript ecosystem.
The impact is significant for online coding platforms, automation tools, and SaaS applications that rely on vm2 to safely execute user-supplied scripts. Proof-of-concept exploit code has been made public for several of these vulnerabilities, including CVE-2026-26956, which was confirmed to affect environments running Node.js 25.6.1 with WebAssembly exception handling and JSTag support enabled BleepingComputer.
Maintainers have released a series of patches to address these issues. Users are strongly urged to upgrade to version 3.11.2 or later to mitigate the full range of disclosed vulnerabilities. The disclosure follows a pattern of recurring security issues in the library, including the critical CVE-2026-22709 reported earlier this year, and underscores the ongoing challenge of securing JavaScript-based isolation mechanisms The Hacker News BleepingComputer.
This string of disclosures reflects a broader trend of persistent security challenges in sandboxing libraries that attempt to enforce isolation using JavaScript-level proxies. As these libraries continue to be a primary target for researchers and attackers alike, developers are encouraged to evaluate the necessity of running untrusted code and to prioritize the latest security updates to minimize exposure to sandbox escape attacks.