https://vulnerability.circl.lu/sightings/feed 2026-05-27T20:16:03.808995+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/9a5d693b-4372-4538-a2bb-aac6ab7d45c5/export 2026-05-27T20:16:03.823226+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "9a5d693b-4372-4538-a2bb-aac6ab7d45c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26956", "type": "seen", "source": "https://bsky.app/profile/wasm.activitypub.awakari.com.ap.brid.gy/post/3ml7zsygg4zn2", "content": "vm2 CVE-2026-26956: Node.js sandbox escape enables host code execution A critical sandbox-escape vulnerability in the popular Node.js library vm2 can let untrusted code break out of the VM and reac...\n\n#News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-07T01:12:19.876813Z"} 2026-05-07T01:12:19.876813+00:00 https://vulnerability.circl.lu/sighting/5ec0c5ad-a532-4877-aa63-5368bd66f93e/export 2026-05-27T20:16:03.823150+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "5ec0c5ad-a532-4877-aa63-5368bd66f93e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26956", "type": "seen", "source": "https://bsky.app/profile/wasm.activitypub.awakari.com.ap.brid.gy/post/3mlabwuv4hry2", "content": "vm2 CVE-2026-26956: Node.js sandbox escape enables host code execution A critical sandbox-escape vulnerability in the popular Node.js library vm2 can let untrusted code break out of the VM and reac...\n\n#News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-07T03:35:45.813116Z"} 2026-05-07T03:35:45.813116+00:00 https://vulnerability.circl.lu/sighting/d3ba8219-c71d-4db4-8001-c16f09360631/export 2026-05-27T20:16:03.823082+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "d3ba8219-c71d-4db4-8001-c16f09360631", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26956", "type": "seen", "source": "https://bsky.app/profile/wasm.activitypub.awakari.com.ap.brid.gy/post/3mlbdnxgqise2", "content": "CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 CVE-2026-26956 is a critical sandbox escape affecting the Node.js...\n\n#Cyber #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-07T13:39:27.808205Z"} 2026-05-07T13:39:27.808205+00:00 https://vulnerability.circl.lu/sighting/49e83cd6-b665-49d5-9dda-3666445c36c7/export 2026-05-27T20:16:03.823009+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "49e83cd6-b665-49d5-9dda-3666445c36c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26956", "type": "seen", "source": "https://bsky.app/profile/wasm.activitypub.awakari.com.ap.brid.gy/post/3mlbhwjl3exe2", "content": "CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 Introduction to Malware Binary Triage (IMBT) Course Looking to le...\n\n#Malware #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-07T14:55:40.024993Z"} 2026-05-07T14:55:40.024993+00:00 https://vulnerability.circl.lu/sighting/38bec017-27eb-49f7-96c9-fd17d198dbc6/export 2026-05-27T20:16:03.822898+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "38bec017-27eb-49f7-96c9-fd17d198dbc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26956", "type": "seen", "source": "https://t.me/true_secator/8184", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 Node.js \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u043e\u0439 vm2 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u0443 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0445\u043e\u0441\u0442-\u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\nvm2 - \u044d\u0442\u043e \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 Node.js \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 JavaScript \u0432 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0439 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u0435.\n\n\u041e\u043d\u0430 \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043e\u043d\u043b\u0430\u0439\u043d-\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 SaaS-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0442 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0441\u043a\u0440\u0438\u043f\u0442\u044b.\n\n\u0411\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u043f\u044b\u0442\u0430\u0435\u0442\u0441\u044f \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u043e\u0434, \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0438\u0439\u0441\u044f \u0432 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u0435, \u043e\u0442 \u0445\u043e\u0441\u0442-\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c API Node.js, \u0442\u0430\u043a\u0438\u043c \u043a\u0430\u043a \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b \u0438 \u0444\u0430\u0439\u043b\u043e\u0432\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430.\n\nvm2 \u0435\u0436\u0435\u043d\u0435\u0434\u0435\u043b\u044c\u043d\u043e \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u044e\u0442 \u0431\u043e\u043b\u0435\u0435 1,3 \u043c\u043b\u043d. \u0440\u0430\u0437\u00a0\u0447\u0435\u0440\u0435\u0437 npm\u00a0(Node Package Manager), \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u0434\u043b\u044f Node.js.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-26956 \u0438\u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u044e vm2 3.10.4, \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b. \u0427\u0442\u043e \u0432\u0430\u0436\u043d\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c - PoC \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d.\n\n\u0412 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0438 \u0441\u043e\u043f\u0440\u043e\u0432\u043e\u0436\u0434\u0430\u044e\u0449\u0438\u0439 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0440\u0435\u0434\u044b \u0441 Node.js 25 (\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u043e \u043d\u0430 Node.js 25.6.1), \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 WebAssembly \u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 JSTag.\n\nCVE-2026-26956 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u043e\u0439 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439, \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u044e\u0449\u0438\u0445 \u043f\u0440\u0438 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0435 \u043c\u0435\u0436\u0434\u0443 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u043e\u0439 \u0438 \u0445\u043e\u0441\u0442\u043e\u043c.\n\n\u0412 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445 \u043f\u043e\u044f\u0441\u043d\u044f\u0435\u0442\u0441\u044f\u00a0, \u0447\u0442\u043e vm2 \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 JavaScript, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u044e\u0442 \u043e\u0448\u0438\u0431\u043a\u0438 \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u0445\u043e\u0441\u0442\u0430, \u0438 \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u043d\u043a\u0430\u043f\u0441\u0443\u043b\u0438\u0440\u0443\u044e\u0442 \u043e\u0431\u044a\u0435\u043a\u0442\u044b, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u0432 \u0440\u0430\u0437\u043d\u044b\u0445 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0430\u0445, \u0438 \u0432\u0441\u0451 \u044d\u0442\u043e \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 JavaScript.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 WebAssembly \u043c\u043e\u0436\u0435\u0442 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0438 JavaScript \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u043d\u0438\u0437\u043a\u043e\u043c \u0443\u0440\u043e\u0432\u043d\u0435 \u0432\u043d\u0443\u0442\u0440\u0438 \u0434\u0432\u0438\u0436\u043a\u0430 V8 \u043e\u0442 Google, \u043e\u0431\u0445\u043e\u0434\u044f \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043d\u0430 JavaScript \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b vm2.\n\n\u0417\u0430\u043f\u0443\u0441\u0442\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 TypeError \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0438\u043c\u0432\u043e\u043b\u0430 \u0432 \u0441\u0442\u0440\u043e\u043a\u0443, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f \u0443\u0442\u0435\u0447\u043a\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u0430 \u043e\u0448\u0438\u0431\u043a\u0438 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0445\u043e\u0441\u0442\u0430 \u043e\u0431\u0440\u0430\u0442\u043d\u043e \u0432 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u0443 \u0431\u0435\u0437 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b vm2.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0443\u0442\u0435\u0447\u043a\u0430 \u043e\u0431\u044a\u0435\u043a\u0442\u0430 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u0438\u0437 \u0441\u0440\u0435\u0434\u044b \u0445\u043e\u0441\u0442\u0430, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0435\u0433\u043e \u043a\u043e\u043d\u0441\u0442\u0440\u0443\u043a\u0442\u043e\u0440\u043e\u0432 \u0434\u043b\u044f \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430\u043c Node.js, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0431\u044a\u0435\u043a\u0442 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430, \u0447\u0442\u043e \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0445\u043e\u0441\u0442\u0430.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c vm2 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e\u00a0\u0432\u0435\u0440\u0441\u0438\u0438 3.10.5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 (\u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0432\u0435\u0440\u0441\u0438\u044f - 3.11.2), \u0447\u0442\u043e\u0431\u044b \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u0440\u0438\u0441\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2026-26956.", "creation_timestamp": "2026-05-07T18:10:06.000000Z"} 2026-05-07T18:10:06+00:00 https://vulnerability.circl.lu/sighting/f2e8293a-ff05-49b3-aa94-151bc15c8e5e/export 2026-05-27T20:16:03.822827+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "f2e8293a-ff05-49b3-aa94-151bc15c8e5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26956", "type": "seen", "source": "https://bsky.app/profile/wasm.activitypub.awakari.com.ap.brid.gy/post/3mlc3nmmyg6w2", "content": "vm2 CVE-2026-26956: Node.js sandbox escape enables host code execution A critical sandbox-escape flaw in vm2 3.10.4 can let untrusted Node.js code reach the host environment. Upgrade to vm2 3.10.5 ...\n\n#News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-07T20:51:22.041671Z"} 2026-05-07T20:51:22.041671+00:00 https://vulnerability.circl.lu/sighting/d869b93c-4bdb-4a21-95d9-a4242ad76411/export 2026-05-27T20:16:03.822747+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "d869b93c-4bdb-4a21-95d9-a4242ad76411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26956", "type": "seen", "source": "https://t.me/bdufstecru/3146", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 VM.run() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 vm2 \u043f\u0430\u043a\u0435\u0442\u043d\u043e\u0433\u043e \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 NPM \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\n\nBDU:2026-06428\nCVE-2026-26956\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://github.com/patriksimek/vm2/security/advisories/GHSA-ffh4-j6h5-pg66", "creation_timestamp": "2026-05-08T14:03:16.000000Z"} 2026-05-08T14:03:16+00:00 https://vulnerability.circl.lu/sighting/520ca45e-f982-4ee0-84f8-6bd449e30d13/export 2026-05-27T20:16:03.822661+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "520ca45e-f982-4ee0-84f8-6bd449e30d13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26956", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mliuwydnua2u", "content": "\ud83d\udccc CVE-2026-26956 - vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code... https://www.cyberhub.blog/cves/CVE-2026-26956", "creation_timestamp": "2026-05-10T13:37:08.936790Z"} 2026-05-10T13:37:08.936790+00:00 https://vulnerability.circl.lu/sighting/0dbd3c92-95f2-4ae1-8bed-dd86ff644d9e/export 2026-05-27T20:16:03.821800+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "0dbd3c92-95f2-4ae1-8bed-dd86ff644d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26956", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mlkfirx4jb26", "content": "@socket.dev\nA critical sandbox escape in vm2 allows arbitrary OS command execution on Node.js.\n-\nIOCs: CVE-2026-26956, GHSA-ffh4-j6h5-pg66\n-\n#CVE202626956 #ThreatIntel #vm2", "creation_timestamp": "2026-05-11T04:06:05.254150Z"} 2026-05-11T04:06:05.254150+00:00 https://vulnerability.circl.lu/sighting/e6d8edaa-9d30-4b48-98bc-bd20278367b8/export 2026-05-27T20:16:03.820195+00:00 Joseph Lee https://cve.circl.lu/user/syspect {"uuid": "e6d8edaa-9d30-4b48-98bc-bd20278367b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-26956", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-full-sandbox-escape-nodejs-sandbox-vm2-patch-immediately", "content": "", "creation_timestamp": "2026-05-11T08:08:20.000000Z"} 2026-05-11T08:08:20+00:00