vm2, the Node.js sandbox library used by 1.3 million projects to run untrusted code, just got hit with a dozen new bugs that let attackers escape the sandbox

vm2 maintainers disclosed a fresh batch of a dozen sandbox-escape vulnerabilities yesterday, including CVE-2026-43997, CVE-2026-44005, and CVE-2026-44006 - all CVSS 10.0. The library is used by 1.3 million weekly downloads worth of Node.js projects to run untrusted JavaScript inside a supposedly safe sandbox - online code runners, chatbots, automation tools, and SaaS platforms with user scripts. Each bug breaks the sandbox in a different way: prototype pollution, sandbox escape via inspect functions, allowlist bypass to reach child_process. vm2 was deprecated in 2023 over similar issues, then resurrected last October. Over 20 documented sandbox-escape bugs - the maintainer himself recommends Docker isolation instead.

Check

Search package.json and yarn.lock files across your codebase for vm2 dependencies. Check version - anything below 3.11.2 needs updating. Audit which features process attacker-controlled input through vm2.

Affected

vm2 versions 3.10.0 through 3.11.1. Patches landed in 3.11.0, 3.11.1, and 3.11.2. CVE-2026-43997, 44005, 44006 are CVSS 10.0. Acute risk: applications running user-supplied JavaScript through vm2 - chatbots, online code editors, automation platforms, and SaaS apps with custom-script features.

Fix

Upgrade vm2 to 3.11.2. For applications running attacker-controlled JavaScript, migrate off vm2 entirely - the maintainer recommends isolated-vm or Docker with logical separation. Don't rely on vm2 alone: combine with network isolation, filesystem restrictions, and ephemeral containers. Review CI/CD for transitive vm2 dependencies via 'npm ls vm2' - 885 packages directly depend on it.