> TritonInfoSec News
Home / May 08, 2026 / Story
0
#8 BleepingComputer general May 06, 2026 at 18:38 UTC

Critical vm2 sandbox bug lets attackers execute code on hosts

By Bill Toulas

AI Summary

A critical sandbox escape vulnerability in vm2, the widely-used Node.js sandboxing library, allows attackers to break out of the sandbox and execute arbitrary code directly on the host system. Twelve critical vulnerabilities were disclosed in total, with vm2 used across many applications to isolate untrusted JavaScript execution. Any Node.js application relying on vm2 for security boundaries should treat this as an urgent remediation or architectural review item.

Read full article → https://www.bleepingcomputer.com/news/security/cri…

Relevance score: 78.0/100

# More from May 08

  1. 1
    PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage The Hacker News
  2. 2
    Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access The Hacker News
  3. 3
    Canvas Breach Disrupts Schools & Colleges Nationwide Krebs on Security
  4. 4
    Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions The Hacker News
  5. 5
    PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems The Hacker News
  6. 6
    Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants SecurityWeek
  7. 7
    Iranian government hackers using Chaos ransomware as cover, researchers say The Record
  8. 9
    DAEMON Tools devs confirm breach, release malware-free version BleepingComputer
  9. 10
    New TCLBanker malware self-spreads over WhatsApp and Outlook BleepingComputer