CVE-2026-44005 | patriksimek vm2 up to 3.10.x otherReflectSet/otherReflectDefineProperty prototype pollution (GHSA-vwrp-x96c-mhwq)

A vulnerability was found in patriksimek vm2 up to 3.10.x. It has been declared as critical. Affected is the function otherReflectSet/otherReflectDefineProperty. Executing a manipulation can lead to improperly controlled modification of object prototype attributes.

This vulnerability is registered as CVE-2026-44005. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More