Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Root VM2: Unauthenticated Access to Internal Services
ROOT-APP-NPM-CVE-2026-26332
Summary
The Root VM2 software had a security issue that allowed unauthorized access to internal services. This could have allowed attackers to access sensitive information or take control of the system. Root has released a patch to fix this issue, and users should update to a fixed version as soon as possible.
What to do
- Update rootio @rootio/vm2 to version 3.10.5-root.io.3.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.5.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/vm2 |
< 3.10.5-root.io.3 < 3.10.5-root.io.5 Fix: upgrade to 3.10.5-root.io.3
|
Original title
CVE-2026-26332 in @rootio/vm2 - Patched by Root
Original description
Root has patched CVE-2026-26332 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available.
osv CVSS3.1
9.8
Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 8 May 2026