A code injection vulnerability via "BaseHandler.getPrototypeOf" in the vm2 Node.js library enables sandbox escape and remote code execution. (Affects versions <= 3.10.5; patched in 3.11.0.)
https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html
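
To check whether a project pulls in an affected vm2, directly or through a transitive dependency, the version range stated above can be applied to a package-lock.json. This is an added example, not code from the vm2 project or the linked article; the helper names (`isAffected`, `findVm2`) and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag vm2 installs at or below 3.10.5 in a parsed package-lock.json.
const LAST_AFFECTED = [3, 10, 5]; // advisory: <= 3.10.5 affected, 3.11.0 patched

// Parse "3.10.5" (ignoring any pre-release suffix) into [major, minor, patch].
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable or missing version: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (p[i] !== LAST_AFFECTED[i]) return p[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 3.10.5
}

// Return every vm2 install recorded in the lockfile, including nested copies.
function findVm2(lock) {
  const hits = [];
  const record = (path, meta) =>
    hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/vm2" || path.endsWith("/node_modules/vm2")) record(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "vm2") record(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: a patched top-level vm2 and an affected nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.11.0" },
    "node_modules/report-runner": { version: "2.4.1" },
    "node_modules/report-runner/node_modules/vm2": { version: "3.10.5" },
  },
};
console.log(findVm2(sampleLock));
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findVm2`; a patched top-level copy does not rule out an affected copy nested under another dependency.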