Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Root:npm vm2 Vulnerability: Uncontrolled Memory Access

ROOT-APP-NPM-CVE-2026-44006

Summary

The @rootio/vm2 package in Root:npm has a memory access issue that could be exploited by attackers. This could lead to unauthorized data access or system crashes. Update to a fixed version of @rootio/vm2 to resolve this issue.

What to do

Update rootio @rootio/vm2 to version 3.10.5-root.io.3.
Update rootio @rootio/vm2 to version 3.10.5-root.io.4.
Update rootio @rootio/vm2 to version 3.10.5-root.io.5.

Affected software

Ecosystem	Vendor	Product	Affected versions
Root:npm	rootio	@rootio/vm2	< 3.10.5-root.io.3 < 3.10.5-root.io.4 < 3.10.5-root.io.5 Fix: upgrade to 3.10.5-root.io.3

Original title

CVE-2026-44006 in @rootio/vm2 - Patched by Root

Original description

Root has patched CVE-2026-44006 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available.

osv CVSS3.1 10.0

Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 8 May 2026