Vendor

Vm2

2 briefs RSS

vm2 Vulnerability Allows Code Execution

A remote, anonymous attacker can exploit a vulnerability in vm2 to execute arbitrary code, potentially leading to arbitrary code execution on the host system.

vm2 javascript-sandbox code-execution

2r 1t May 11, 2026

critical advisory

VM2 Sandbox Escape Vulnerability (CVE-2026-26956)

2 rules 2 TTPs 1 CVE

A critical vulnerability, CVE-2026-26956, exists in vm2 version 3.10.4 when running on Node.js v25.6.1 (x64 Linux), allowing a full sandbox escape with arbitrary code execution through attacker-controlled code passed to `VM.run()`.

vm2 +1 sandbox-escape wasm javascript

2r 2t 1c May 5, 2026