CVE-2026-26956 - Geek Feed

Security
Tech News

Critical vm2 sandbox bug lets attackers execute code on hosts

May 9, 2026May 9, 2026 geekfeed0Tagged Code Execution, CVE-2026-26956, Open Source, Sandbox Escape, VM2, vulnerability

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit code has been published. In the security […]

2 mins read