TGTGInsighttelegram intelligenceLIVE / telegram public index
← The Hacker News
View original
The Hacker News avatar

TGINSIGHT POST

Post #8299

@thehackernews

The Hacker News

Views9,590Post view count
PostedJan 2801/28/2026, 02:08 PM
Post content

Post content

🚨 A critical flaw in the vm2 Node.js library lets attackers escape the sandbox and run code on the host system. Tracked as CVE-2026-22709 (CVSS 9.8), the issue stems from improper Promise handler sanitization. πŸ”— How the flaw works β†’ https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html