CVE-2026-26332
highCVSS v3 Base Score
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 76% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in vm2, an open-source sandbox for Node.js. This vulnerability allows a remote attacker to escape the sandbox environment by exploiting the `SuppressedError` mechanism. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the affected system.
CWE
CWE-653Affected Products
Red Hat Developer HubSelf-service automation portal 2