CVE-2026-26332 Blast Radius

CRITICAL • CVSS 9.8vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code.

Is Your Infrastructure Using These Packages?

EchelonGraph automatically scans your cloud infrastructure and SBOMs to map your exposure to vulnerabilities like CVE-2026-26332.

Start Free Scan →← Back to CVE-2026-26332