vm2 ships 12 critical CVEs: the Node.js sandbox is out again
12 CVEs in vm2 disclosed May 7, 2026 — CVSS 9.1-10.0, all sandbox escapes. Patched in 3.11.2. If you run untrusted code under vm2, update today.
Nodejs
1 article tagged #nodejs
1 article tagged #nodejs
12 CVEs in vm2 disclosed May 7, 2026 — CVSS 9.1-10.0, all sandbox escapes. Patched in 3.11.2. If you run untrusted code under vm2, update today.