Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-04T16:33:32 vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-653

A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by exploiting the `inspect` function. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.

Red Hat Developer Hub Will not fix rhdh/backstage-community-plugin-catalog-backend-module-scaffolder-relation-processor Red Hat Developer Hub Affected rhdh/rhdh-hub-rhel9 https://www.cve.org/CVERecord?id=CVE-2026-24781 https://nvd.nist.gov/vuln/detail/CVE-2026-24781 https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189 https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228 https://github.com/patriksimek/vm2/releases/tag/v3.11.0 https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c