PatchSiren

Vm2 Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH | Vm2 Project CVE | published 2026-05-13

CVE-2026-44001

CVE-2026-44001 is a high-severity vm2 sandbox issue that can let sandboxed code crash the host Node.js process. The supplied description says the problem exists in vm2 prior to 3.11.0 and that the earlier fix for CVE-2026-22709 only sanitized the onRejected callback in .then() and .catch() overrides, leaving an executor-to-unhandledRejection path unaddressed. In practice, a single Promise constructor can [truncated]