CVE-2026-44009 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: May 14, 2026
Published: May 13, 2026Updated: May 14, 2026PoC AvailableRemote Exploitable
Overview
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.
Severity & Score
Severity: Critical
CVSS Score: 9.8
EPSS Score: 4.3%(Probability of exploitation in next 30 days)
Social Media Activity(2 posts)
TheHackerWire
@thehackerwire
š“ CVE-2026-44009 - Critical (9.8) vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2. š https://www.thehackerwire.com/vulnerability/CVE-2026-44009/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
TheHackerWire
@thehackerwire
š“ CVE-2026-44009 - Critical (9.8) vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2. š https://www.thehackerwire.com/vulnerability/CVE-2026-44009/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-44009
- Severity
- Critical
- CVSS Score
- 9.8
- Status
- confirmed
- EPSS
- 4.3%
- Social Posts
- 2
CWE
- CWE-668
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
4.3%Probability of exploitation in the next 30 days