CVE-2026-44008

A flaw was found in vm2 before 3.11.2. The neutralizeArraySpeciesBatch method can invoke host-side getters on array prototypes, exposing host objects and the host Function into the sandbox for escape and arbitrary command execution. Fixed in 3.11.2...

PT-2026-6648

Name of the Vulnerable Software and Affected Versions SandboxJS versions prior to 0.8.29 Description SandboxJS is a JavaScript sandboxing library affected by an issue where the return values of functions are not properly wrapped. This allows attackers to use Object.values or Object.entries to...