CVE-2026-44007

Description

An improper access control vulnerability in the vm2 Node.js library that allows sandbox escape and execution of arbitrary operating system commands on the underlying host. (Affects versions <= 3.11.0, patched in 3.11.1)

References

https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html

Details

Source: Mitre, NVD