Information security
fromBleepingComputer
4 weeks agoCritical sandbox escape flaw discovered in popular vm2 NodeJS library
CVE-2026-22709 in vm2 allows sandbox escape via Promise callback sanitization flaws, enabling arbitrary code execution on the host.