VIR Vulnerability Intelligence Relay

Package impact

npm NPM / vm2

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-44001 high 8.6 8.6 22d ago vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)
CVE-2026-43998 high 8.5 8.5 22d ago vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape
CVE-2026-44004 high 7.5 7.5 22d ago vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion
CVE-2026-44000 high 7.2 7.2 22d ago vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary