BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Critical Flaws Found in vm2 Node.js Sandbox Library

Urgent vm2 library patch required to fix critical sandbox escape flaws.

  • vm2 Node.js library users must urgently update to version 3.11.2 to patch twelve critical sandbox escape vulnerabilities.
  • The flaws allow attackers to break out of the isolation environment and execute arbitrary code on the host system.
  • Multiple CVSS 10.0-rated vulnerabilities were found, representing the highest severity level for remote code execution.
  • Maintainer Patrik Simek has acknowledged that new bypasses in JavaScript sandboxing are likely to continue being discovered.
  • The vulnerabilities affect versions up to and including 3.11.1, requiring immediate action for applications running untrusted code.

On May 07, 2026, security researcher Ravie Lakshmanan disclosed a dozen critical vulnerabilities in the popular vm2 library, which developers use to run untrusted JavaScript code in a secure sandbox. These flaws represent a severe threat to any system using affected versions of the open-source tool for code isolation.

- Advertisement -

Consequently, attackers can exploit these vulnerabilities, detailed in CVE-2026-24118 and others, to escape the sandbox entirely. This breach allows them to run arbitrary commands on the underlying host machine.

The list includes several maximum-severity issues, such as CVE-2026-43997 and CVE-2026-44005, which both carry a CVSS score of 10.0. Other critical flaws, like CVE-2026-44009, also permit sandbox escape and arbitrary command execution.

Meanwhile, this disclosure follows recent patches for another critical flaw, CVE-2026-22709, from a couple of months prior. The repeated discoveries highlight the inherent difficulty of securely isolating code in JavaScript environments.

Therefore, vm2 maintainer Patrik Simek has released updated versions to address all identified issues. Users are strongly advised to update immediately to the latest patched version, 3.11.2, for protection.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

New Webinar: Outpace AI Attacks with Zero Trust

AI-powered attacks, like the Mythos model, now execute in minutes what previously took attackers...

Amazon Stock Drops 13%: Should You Sell or Hold Before Earnings?

Amazon shares fell 13% into a correction amid concerns over $200 billion in capital...

MoonPay’s MoonAgents AI assistant now on Telegram

MoonPay launched support for its AI crypto assistant, MoonAgents, on the Telegram messaging platform...

GoPro founder loans $20M to save sinking company

GoPro founder and CEO Nicholas Woodman is extending $20 million in financing to the...

Sony Bank gains US approval to launch dollar stablecoins

Sony Bank received preliminary approval from the OCC to establish a US trust bank...

Must Read

How to Choose a Cryptocurrency Exchange: Major Risks and Expert Advice

During the bitcoin frenzy, in late 2017, Coinbase, one of the key players in the global cryptocurrency market, stopped trading operations. At a point...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading