CRITICALVulnerability
Global

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

·Source: The Hacker News

Updated:

Executive Summary

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host

Analysis

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host
Source Attribution

Originally published by The Hacker News on May 7, 2026.

Related Threats

MEDIUMVulnerability

page_inject: CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer

[object Object]

CVE-2026-31431
r/blueteamsec
MEDIUMVulnerability

Police shut down reboot of Crimenetwork marketplace, arrest admin

German authorities have shut down a relaunch version of the criminal marketplace 'Crimenetwork' that generated more than 3.6 million euros, and arrested its operator. [...]

BleepingComputer
CRITICALVulnerability

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as CVE-2026-7482 (CVSS score: 9.1). It has been codenamed Bleeding Llama by Cyera. Ollama is a

CVE-2026-7482
The Hacker News