vm2_project security advisories
4 threat alerts tracking vulnerabilities and security advisories that affect vm2_project products.
Vulnios monitors vm2_project CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent vm2_project security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-24118 — vm2_project — vm2
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and
criticalCVE-2026-24118Critical Vulnerability: CVE-2026-26956 — vm2_project — vm2
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and r
criticalCVE-2026-26956Critical Vulnerability: CVE-2026-24781 — vm2_project — vm2
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can esc
criticalCVE-2026-24781Critical Vulnerability: CVE-2026-24120 — vm2_project — vm2
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2
criticalCVE-2026-24120
Track vm2_project exposure across your environment
Vulnios automatically cross-references your asset inventory against new vm2_project CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan