The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
BroadwayWorld

Promises, Promises Broadway Reviews

I haven't said anything about Rob Ashford's staging because there's not much to say other than that it's bland and unamusing. Rarely have so many jokes been stepped on so firmly. The only scene that ...