VM2 Has a Sandbox Escape Issue via SuppressedError
Description
Published by the National Vulnerability Database
May 4, 2026
Published to the GitHub Advisory Database
May 5, 2026
Reviewed
May 5, 2026
Last updated
May 5, 2026
In vm2 v3.10.4 on Node.js v24.13.0,
SuppressedErrorallows attackers to escape the sandbox and run arbitrary code.PoC
References