Back to CVE List

CVE-2026-43998

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.5 / 10

Vulnerability Description

vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape

Vulnerability Details

Published Date

May 07, 2026

Last Modified

May 07, 2026

Source

GitHub

Vendor

npm

Product

vm2

External References

Discussion (0)

Add Comment

No comments yet. Be the first!