Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
Root:npm vm2 Package Unpatched on Older Versions
ROOT-APP-NPM-CVE-2026-44005
Summary
If you're using Root's npm package and haven't updated vm2 recently, you may be at risk of a security issue. This issue has been fixed by Root in newer versions of vm2. We recommend updating to the latest version to stay secure.
What to do
- Update rootio @rootio/vm2 to version 3.10.5-root.io.3.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.4.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.5.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/vm2 |
< 3.10.5-root.io.3 < 3.10.5-root.io.4 < 3.10.5-root.io.5 Fix: upgrade to 3.10.5-root.io.3
|
Original title
CVE-2026-44005 in @rootio/vm2 - Patched by Root
Original description
Root has patched CVE-2026-44005 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available.
osv CVSS3.1
10.0
Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 8 May 2026