A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results