A critical sandbox escape vulnerability has been disclosed in
the popular vm2 Node.js library that, if successfully exploited,
could allow attackers to run arbitrary code on the underlying
operating system. The vulnerability, tracked as CVE-2026-22709,
carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system.
"In vm2 for version 3.10.0, Promise.prototype.then
Promise.prototype.catch
Read more https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html
