Critical Vulnerability in VM2 Sandbox Library for Node.js Let Attackers run Untrusted Code
A critical sandbox escape vulnerability has been identified in vm2. This widely used Node.js library provides sandbox isolation for executing untrusted code. The flaw, tracked as CVE-2026-22709 (GHSA-99p7-6v5w-7xg8), affects all versions up to and including 3.10.0 and carries a CVSS v3.1 base score of 10.0, indicating maximum severity. The vulnerability stems from incomplete callback sanitization […]
The post https://cybersecuritynews.com/vm2-sandbox-vulnerability/
.