Critical Vulnerabilities Expose vm2 Node.js Library to Sandbox Escape Attacks
A series of critical vulnerabilities has been discovered in the **vm2** Node.js library, potentially allowing attackers to break out of the sandbox and execute arbitrary code on the host. These flaws highlight the inherent challenges in securely isolating untrusted JavaScript code.

**vm2** is an open-source library designed to run untrusted JavaScript code within a secure sandbox environment. It achieves this by intercepting and proxying JavaScript objects, aiming to prevent sandboxed code from accessing the host system.
## Vulnerability Details
Twelve critical security vulnerabilities have been disclosed. All of these vulnerabilities could be exploited by malicious actors to gain unauthorized access and control over the underlying system.
Here's a breakdown of the identified flaws:
* **CVE-2026-24118** (CVSS score: 9.8): Sandbox escape via `__lookupGetter__` allows arbitrary code execution on the host. Affects versions <= 3.10.4, patched in 3.11.0.
* **CVE-2026-24120** (CVSS score: 9.8): A bypass for CVE-2023-37466, enabling sandbox escape through the species property of promise objects. Affects versions <= 3.10.3, patched in 3.10.5.
* **CVE-2026-24781** (CVSS score: 9.8): Sandbox escape via the `inspect` function leading to arbitrary code execution. Affects versions <= 3.10.3, patched in 3.11.0.
* **CVE-2026-26332** (CVSS score: 9.8): Sandbox escape via `SuppressedError` allows arbitrary code execution. Affects versions <= 3.10.4, patched in 3.11.0.
* **CVE-2026-26956** (CVSS score: 9.8): Protection mechanism failure leading to sandbox escape with arbitrary code execution by triggering a `TypeError` produced by Symbol-to-string coercion. Affects version 3.10.4, patched in 3.10.5.
* **CVE-2026-43997** (CVSS score: 10.0): Code injection allows obtaining the host `Object` and escaping the sandbox, leading to arbitrary code execution. Affects versions <= 3.10.5, patched in 3.11.0.
* **CVE-2026-43999** (CVSS score: 9.9): Bypass of `NodeVM`'s built-in allowlist enables loading excluded builtins like `child_process` and achieving remote code execution. Affects version 3.10.5, patched in 3.11.0.
* **CVE-2026-44005** (CVSS score: 10.0): Allows attacker-controlled JavaScript to escape the sandbox and enable prototype pollution. Affects versions 3.9.6 to 3.10.5, patched in 3.11.0.
* **CVE-2026-44006** (CVSS score: 10.0): Code injection via `BaseHandler.getPrototypeOf` enables sandbox escape and remote code execution. Affects versions <= 3.10.5, patched in 3.11.0.
* **CVE-2026-44007** (CVSS score: 9.1): Improper access control allows sandbox escape and execution of arbitrary operating system commands. Affects versions <= 3.11.0, patched in 3.11.1.
* **CVE-2026-44008** (CVSS score: 9.8): Sandbox escape via `neutralizeArraySpeciesBatch()` permits arbitrary command execution. Affects versions <= 3.11.1, patched in 3.11.2.
* **CVE-2026-44009** (CVSS score: 9.8): Sandbox escape via a null proto exception permits arbitrary command execution. Affects versions <= 3.11.1, patched in 3.11.2.
## Remediation
These disclosures follow the patching of **CVE-2026-22709** in January, another critical sandbox escape vulnerability. **Patrik Simek**, the maintainer of **vm2**, has acknowledged the ongoing challenges in maintaining a secure JavaScript sandbox and anticipates the discovery of further bypasses.
Users of **vm2** are strongly advised to update to the latest version (3.11.2) to mitigate these critical risks.
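Because a patched direct dependency can coexist with a stale copy nested under another package, a lockfile check is the quickest way to confirm exposure. The script below is an added example, not code from the article or the vm2 project: it encodes the affected ranges listed above and reports, for every vm2 entry in an npm lockfile, which of these CVEs apply and the lowest release that closes all of them. The lockfile object is constructed sample input; the range bounds (inclusive, "3.9.6 to 3.10.5" read as inclusive) are taken from the list above.

```javascript
// Added example, not from the advisory or vm2: check installed vm2 versions against the
// affected ranges listed above. Rows: [CVE, first affected, last affected, fixed in]; "0.0.0" = no lower bound.
const ADVISORIES = [
  ["CVE-2026-24118", "0.0.0", "3.10.4", "3.11.0"],
  ["CVE-2026-24120", "0.0.0", "3.10.3", "3.10.5"],
  ["CVE-2026-24781", "0.0.0", "3.10.3", "3.11.0"],
  ["CVE-2026-26332", "0.0.0", "3.10.4", "3.11.0"],
  ["CVE-2026-26956", "3.10.4", "3.10.4", "3.10.5"],
  ["CVE-2026-43997", "0.0.0", "3.10.5", "3.11.0"],
  ["CVE-2026-43999", "3.10.5", "3.10.5", "3.11.0"],
  ["CVE-2026-44005", "3.9.6", "3.10.5", "3.11.0"],
  ["CVE-2026-44006", "0.0.0", "3.10.5", "3.11.0"],
  ["CVE-2026-44007", "0.0.0", "3.11.0", "3.11.1"],
  ["CVE-2026-44008", "0.0.0", "3.11.1", "3.11.2"],
  ["CVE-2026-44009", "0.0.0", "3.11.1", "3.11.2"],
];
// Parse "major.minor.patch" into numbers; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable vm2 version: ${v}`);
  return m.slice(1, 4).map(Number);
}
// Numeric comparator on version triples (negative / zero / positive), usable with sort().
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}
// CVEs from the table whose inclusive [first, last] range contains `version`.
function affectingCves(version) {
  return ADVISORIES
    .filter(([, lo, hi]) => compareVersions(version, lo) >= 0 && compareVersions(version, hi) <= 0)
    .map(([cve]) => cve);
}
// Lowest release that closes every advisory affecting `version`; null when none apply.
function minimumFixedVersion(version) {
  const affected = new Set(affectingCves(version));
  const fixes = ADVISORIES.filter(([cve]) => affected.has(cve)).map(([, , , fix]) => fix);
  return fixes.length ? fixes.sort(compareVersions).pop() : null;
}
// npm lockfileVersion 2/3 lists every installed copy, nested ones included, under "packages".
function vm2Findings(lockfile) {
  return Object.entries(lockfile.packages || {})
    .filter(([path]) => path === "node_modules/vm2" || path.endsWith("/node_modules/vm2"))
    .map(([path, meta]) => ({ path, version: meta.version, cves: affectingCves(meta.version), upgradeTo: minimumFixedVersion(meta.version) }));
}
const SAMPLE_LOCK = { lockfileVersion: 3, packages: { // constructed: patched direct copy plus a stale nested copy
  "node_modules/vm2": { version: "3.11.2" }, "node_modules/some-dep/node_modules/vm2": { version: "3.9.19" } } };
console.log(JSON.stringify(vm2Findings(SAMPLE_LOCK), null, 2));
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; a non-empty `cves` array on any entry means that copy needs the `upgradeTo` release or later.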