Security
Critical VM2 Vulnerabilities Expose Node.js Applications to Arbitrary Code Execution
Four critical vulnerabilities in the VM2 sandbox library allow attackers to escape the sandbox and execute arbitrary code on host systems running Node.js 24 and 25.
May 05, 2026