Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Root:npm @rootio/vm2 Unpatched Virtual Machine Code Execution
ROOT-APP-NPM-CVE-2026-24781
Summary
A security patch has been released for the Root:npm @rootio/vm2 package. If left unpatched, this vulnerability could allow attackers to execute malicious code within virtual machines. Update to the latest version to ensure your system remains secure.
What to do
- Update rootio @rootio/vm2 to version 3.10.5-root.io.3.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.4.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.5.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/vm2 |
< 3.10.5-root.io.3 < 3.10.5-root.io.4 < 3.10.5-root.io.5 Fix: upgrade to 3.10.5-root.io.3
|
Original title
CVE-2026-24781 in @rootio/vm2 - Patched by Root
Original description
Root has patched CVE-2026-24781 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available.
osv CVSS3.1
9.8
Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 8 May 2026