Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
- Posted on January 28, 2026
- By The Hacker News
- 5 Views
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
