AttackFeed by Joe Wagner | Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution  - The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution  – The Hacker News

Posted on By [email protected] (The Hacker News) No Comments on Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution  – The Hacker News
Attack Feeds

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system.
The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system.
“In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch  –

Read More  – The Hacker News 

You may also like

Attack Feeds
Oracle zero-day defect amplifies panic over Clop’s data theft attack spree  – CyberScoop
October 6, 2025
Attack Feeds
LevelBlue to acquire Cybereason in latest cybersecurity industry consolidation  – CyberScoop
October 14, 2025
Attack Feeds
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access  – The Hacker News
November 24, 2025
Attack Feeds
Researchers find Jordan government used Cellebrite phone-cracking tech against activists  – CyberScoop
January 22, 2026

Leave a Reply

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.