National Cyber Warfare Foundation (NCWF)


Warning: Undefined array key "PeopleID" in /var/www/html/includes/libUser.php on line 492

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
0 user ratings		2026-01-28 14:36:14
milo
Developers
A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system.
The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system.
"In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Developers


Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.