3 matches found
ROOT-APP-NPM-CVE-2026-26332 CVE-2026-26332 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-26332 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
Arbitrary Code Injection
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection via the SuppressedError. An attacker can execute arbitrary code outside the intended sandbox environment by...
CVE-2026-26332 vm2: Sandbox Escape
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0...