| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-44001 |
high |
8.6 |
8.6 |
14d ago |
vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) |
|
| CVE-2026-43998 |
high |
8.5 |
8.5 |
14d ago |
vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape |
|
| CVE-2026-44004 |
high |
7.5 |
7.5 |
14d ago |
vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion |
|
| CVE-2026-44000 |
high |
7.2 |
7.2 |
14d ago |
vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary |
|
| CVE-2026-44003 |
medium |
5.8 |
5.8 |
14d ago |
vm2's Transformer Fast-Path Bypass Exposes Internal State Variable |
|
| CVE-2026-44002 |
medium |
5.8 |
5.8 |
14d ago |
vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak |
|