CVE-2026-44000 - Vulnerability Analysis
Medium | CVSS: 6.5 | Last Updated: May 14, 2026
vm2 - Sandbox Escape
Published: May 13, 2026 | Updated: May 14, 2026 | PoC Available | Remote Exploitable
Overview
vm2 < 3.11.0 contains a sandbox boundary violation caused by improper Promise resolution handling, which lets attackers bypass sandbox isolation and interact with host objects directly. Exploitation requires host-side Promise resolution.
Severity & Score
Severity: Medium
CVSS Score: 6.5
Impact
Attackers can bypass sandbox isolation to access and modify host objects, potentially compromising host integrity and security.
Mitigation
Update to version 3.11.0 or later.
Details
- CVE ID: CVE-2026-44000
- Severity: Medium
- CVSS Score: 6.5
- Type: sandbox_escape
- Status: confirmed
CWE
- CWE-693
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N