CVE-2026-44006

A flaw was found in vm2 before 3.11.0. Sandboxed code can reach BaseHandler.getPrototypeOf to obtain arbitrary prototypes, enabling sandbox escape and arbitrary code execution. Fixed in 3.11.0. Mitigation Upgrade to vm2 3.11.0 or later. Do not execute untrusted code in vm2...