Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
Root VM2 Software Allows Unauthorized Access
ROOT-APP-NPM-CVE-2026-43997
Summary
A security patch has been released for the Root VM2 software to prevent unauthorized access. This affects users of Root's npm package. To stay secure, update to a patched version of the software as soon as possible.
What to do
- Update rootio @rootio/vm2 to version 3.10.5-root.io.3.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.4.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.5.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/vm2 |
< 3.10.5-root.io.3 < 3.10.5-root.io.4 < 3.10.5-root.io.5 Fix: upgrade to 3.10.5-root.io.3
|
Original title
CVE-2026-43997 in @rootio/vm2 - Patched by Root
Original description
Root has patched CVE-2026-43997 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available.
osv CVSS3.1
10.0
Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 8 May 2026