Critical Security Vulnerability Discovered in vm2 Node.js Sandbox Library

📌 A critical security vulnerability (CVE-2026-26956) has been discovered in vm2, a popular Node.js sandbox library. The flaw affects applications utilizing vm2 for isolating and executing untrusted JavaScript code within a secure environment. No specific exploitation details, affected versions, or patch release dates were provided in the notice. The vulnerability poses a risk to systems relying on vm2 for sandboxing, though the exact impact—such as remote code execution or sandbox escape—was not explicitly stated. The alert originates from a report published by IT-Connect, focusing on the need to secure applications against this flaw.