Attack Chain

1. Attacker crafts malicious JavaScript code designed to exploit the null proto exception within the vm2 sandbox.
2. The malicious code defines an object with a null prototype (__proto__: null).
3. The code attempts to throw the null proto object as an exception within the vm2 environment.
4. The handleException function incorrectly assumes that the exception originates from outside the sandbox due to the null proto.
5. This leads to the creation of both proxied and unproxied versions of the sandbox object.
6. The attacker manipulates the proxied and unproxied objects to access the Buffer.prototype.inspect function.
7. Using the constructor property of the function, the attacker gains access to the host’s Function object.
8. The attacker uses the host Function object to execute arbitrary commands on the host system, such as creating a file named ‘pwned’.

Impact

Successful exploitation of this vulnerability (CVE-2026-44009) allows an attacker to bypass the vm2 sandbox and execute arbitrary code on the host system. This can lead to complete system compromise, including data theft, malware installation, and denial-of-service attacks. The vulnerability affects any application that relies on vm2 for secure code execution, potentially impacting a wide range of Node.js-based applications and services. The impact is significant due to the ease of exploitation and the potential for complete system takeover.

Recommendation

• Upgrade to vm2 version 3.11.2 or later to patch CVE-2026-44009.
• Implement the Sigma rule “Detect vm2 Sandbox Breakout Attempt via Null Proto Exception” to detect exploitation attempts by monitoring for the specific code patterns used in the proof-of-concept.
• Continuously monitor vm2 environments for suspicious activity, including unexpected process creation or file system modifications, which may indicate a successful sandbox escape.