Vm2

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-22709 CRITICAL POC PATCH Act Now

Sandbox escape in vm2 Node.js sandbox before 3.10.2 via Promise.prototype.then/catch callback sanitization bypass. PoC and patch available.

Node.js Vm2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22709
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Sandbox escape in vm2 Node.js sandbox before 3.10.2 via Promise.prototype.then/catch callback sanitization bypass. PoC and patch available.

Node.js Vm2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy