{"vulnerability": "cve-2026-4400", "sightings": [{"uuid": "31814ebd-96ab-47d9-b5b0-4d8a22813ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4400", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mieasagthd2i", "content": "", "creation_timestamp": "2026-03-31T13:10:20.875409Z"}, {"uuid": "4eed8bdd-90a5-43f2-afcc-32e9cee21dc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44001", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlthl3rm5l2q", "content": "\ud83d\udccc CVE-2026-44001 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the ho... https://www.cyberhub.blog/cves/CVE-2026-44001", "creation_timestamp": "2026-05-14T18:37:07.923428Z"}, {"uuid": "4bb37531-2774-4f5b-a5d2-8a7b3b0b77f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4400", "type": "seen", "source": "Telegram/JITBwt8Dx-6YeOa4-kB3D3uVT5le84W_frafpIhKwvPhvSA", "content": "", "creation_timestamp": "2026-03-31T13:18:57.000000Z"}, {"uuid": "0fbdbe78-f989-4674-ae03-3dbc9b6e8dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44007", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml4tiejjgf2s", "content": "vm2: sandbox escape in NodeVM with nesting:true (CVE-2026-44007)", "creation_timestamp": "2026-05-05T18:39:06.928892Z"}, {"uuid": "43a2e26d-7074-4abc-96b0-6631280abc7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44001", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlrbn3ni6e2c", "content": "CVE-2026-44001 - vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)\nCVE ID : CVE-2026-44001\n \n Published : May 13, 2026, 6:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbo...", "creation_timestamp": "2026-05-13T21:45:32.352989Z"}, {"uuid": "902d5336-c432-49b5-b497-cee565d3178e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44006", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlrbtta76z2i", "content": "CVE-2026-44006 - vm2: Sandbox Escape\nCVE ID : CVE-2026-44006\n \n Published : May 13, 2026, 6:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.getPrototypeOf, which can be used to...", "creation_timestamp": "2026-05-13T21:49:21.251112Z"}, {"uuid": "33056f0f-cc94-4aae-b55d-04296f60eedd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44006", "type": "seen", "source": "https://t.me/bdufstecru/3172", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 BaseHandler.getPrototypeOf() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 vm2 \u043f\u0430\u043a\u0435\u0442\u043d\u043e\u0433\u043e \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 NPM \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0439 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\n\nBDU:2026-06907\nCVE-2026-44006\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/patriksimek/vm2/releases/tag/v3.11.0", "creation_timestamp": "2026-05-18T14:18:11.000000Z"}, {"uuid": "e642bf0f-81c4-4407-b146-b2f0ef83cc01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44007", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmhyplqiny2r", "content": "\ud83d\udccc CVE-2026-44007 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('... https://www.cyberhub.blog/cves/CVE-2026-44007", "creation_timestamp": "2026-05-22T22:37:06.598073Z"}, {"uuid": "000fadfd-476f-40a0-9083-2a05f95366f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44005", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq", "content": "", "creation_timestamp": "2026-05-01T20:42:00.000000Z"}, {"uuid": "6e71f33b-3c5f-45fc-b3a1-077ef140cd32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44000", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-mpf8-4hx2-7cjg", "content": "", "creation_timestamp": "2026-05-01T20:44:26.000000Z"}, {"uuid": "7a70fd26-a340-4835-8c09-5c748987be14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44009", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm", "content": "", "creation_timestamp": "2026-05-03T21:34:48.000000Z"}, {"uuid": "a8356f78-097b-458a-a436-beda0b7a4aab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44007", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx", "content": "", "creation_timestamp": "2026-05-01T21:29:07.000000Z"}, {"uuid": "409fc812-c800-4832-9212-d6fc52357681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44001", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-hw58-p9xv-2mjh", "content": "", "creation_timestamp": "2026-05-01T20:43:31.000000Z"}, {"uuid": "d0fb7d1b-2df3-4d1f-a7a5-49c3f41f768b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44008", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq", "content": "", "creation_timestamp": "2026-05-03T21:34:12.000000Z"}, {"uuid": "5546f626-22cb-417a-b220-16692f9fc653", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44006", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8", "content": "", "creation_timestamp": "2026-05-01T20:40:54.000000Z"}, {"uuid": "d59c8797-48b3-4cfd-a811-1936a9598770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44003", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7", "content": "", "creation_timestamp": "2026-05-01T20:44:52.000000Z"}, {"uuid": "44bf8d67-e20a-4c63-a0cd-056b324e1b12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44004", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-6785-pvv7-mvg7", "content": "", "creation_timestamp": "2026-05-01T20:43:52.000000Z"}, {"uuid": "a89ac2b1-d89c-4ff5-aac8-e10432f68233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44002", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v27g-jcqj-v8rw", "content": "", "creation_timestamp": "2026-05-01T20:44:37.000000Z"}]}