CYBERHAWK / CVE / CVE-2026-26332

CVE-2026-26332

vm2

CRITICAL CVSS 9.8 vibe oss

The flaw

SuppressedError allows sandbox escape and arbitrary code execution.

What to do

Update vm2 to version 3.11.0

▸ Scan my repo for CVE-2026-26332

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

In the news

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code ExecutionThe Hacker News · 2026-05-07
Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution AttacksCyberSecurityNews · 2026-05-07
Critical vm2 Node.js Library Flaws Enable Arbitrary Code Execution Attacksgbhackers.com · 2026-05-07

First seen 2026-05-08 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits