CVE-2026-44009

Published: Mag 13, 2026 Last Modified: Mag 13, 2026
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.

668

Exposure of Resource to Wrong Sphere

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Other
Potential Impacts:
Read Application Data Modify Application Data Varies By Context
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/patriksimek/vm2/security/advisories/GHSA…
https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm