Vulnerabilities4 min read
12 Critical Flaws in vm2 Node.js Sandbox Enable Host Takeover
Security researchers disclosed 12 sandbox escape vulnerabilities in vm2, including three with CVSS 10.0 scores. The popular JavaScript isolation library can no longer be trusted to contain untrusted code.
Marcus ChenMay 8, 2026