Forum: Too Lazy BBS

Critical sandbox escape flaw found in popular vm2 NodeJS library

From BleepingComputer to All on Tue Jan 27 12:24:06 2026

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. [...]

https://www.bleepingcomputer.com/news/security/critical-sandbox-escape-flaw-discovered-in-popular-vm2-nodejs-library/