Key Findings A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library, tracked as CVE-2026-22709. The vulnerability carries a CVSS score of 9.8 out of 10.0, indicating its high severity. The flaw allows attackers to escape the sandbox environment and execute arbitrary code on the underlying operating system. Background vm2 is a Node.js library used to run untrusted code within a secure sandboxed environment. The library intercepts and prox
