A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
The JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results