ГлавнаяУязвимости → CVE-2026-44006
10критическая

CVE-2026-44006

Описание

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.

Затрагиваемое ПО
Vm2 project Vm2
CVSS
Балл10 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8https://access.redhat.com/security/cve/CVE-2026-44006https://bugzilla.redhat.com/show_bug.cgi?id=2477200https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44006.json