Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.9
Root:npm vm2: Unpatched Code Execution Risk
ROOT-APP-NPM-CVE-2026-43999
Summary
A patch has been released for the vm2 library in Root:npm to prevent malicious code from being executed. This library is used by Root, so it's essential to update to the latest version to ensure the security of your system. You should check for updates and apply the patch to protect your Root environment.
What to do
- Update rootio @rootio/vm2 to version 3.10.5-root.io.3.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.4.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.5.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/vm2 |
< 3.10.5-root.io.3 < 3.10.5-root.io.4 < 3.10.5-root.io.5 Fix: upgrade to 3.10.5-root.io.3
|
Original title
CVE-2026-43999 in @rootio/vm2 - Patched by Root
Original description
Root has patched CVE-2026-43999 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available.
osv CVSS3.1
9.9
Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 8 May 2026