The Async Escape: Critical 9.8 Flaw in vm2 Turns JavaScript Sandboxes Into Open Gateways
A critical sandbox escape vulnerability has been unearthed within the vm2 library—a utility frequently employed as a JavaScript sanctuary for the execution of untrusted code within Node.js. This flaw, designated as CVE-2026-22709 with a...
