CVE-2026-44008

No Score

Description

A vulnerability in the vm2 Node.js library that allows sandbox escape via "neutralizeArraySpeciesBatch()" and permits an attacker to execute arbitrary commands on the underlying host. (Affects versions <= 3.11.1, patched in 3.11.2)

References

https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html

Details

Source: Mitre, NVD

Published: 2026-05-07

Detections

Analytics

CVE-2026-44008

No Score

Description

References

Details