CVE-2026-24120
highCVSS v3 Base Score
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 70% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in vm2, an open-source sandbox for Node.js. This vulnerability allows a remote attacker to bypass existing security controls, specifically the fix for CVE-2023-37466. By circumventing the sandbox, an attacker can execute arbitrary commands on the host system, leading to a complete compromise of the affected system.
CWE
CWE-807Affected Products
Red Hat Developer HubSelf-service automation portal 2