Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Root VM2 Package Security Patch
ROOT-APP-NPM-CVE-2026-24118
Summary
A security patch has been released for Root's VM2 package. This patch fixes a security issue that could have allowed unauthorized access to Root's systems. To stay secure, update to the latest version of the VM2 package.
What to do
- Update rootio @rootio/vm2 to version 3.10.5-root.io.3.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.4.
- Update rootio @rootio/vm2 to version 3.10.5-root.io.5.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/vm2 |
< 3.10.5-root.io.3 < 3.10.5-root.io.4 < 3.10.5-root.io.5 Fix: upgrade to 3.10.5-root.io.3
|
Original title
CVE-2026-24118 in @rootio/vm2 - Patched by Root
Original description
Root has patched CVE-2026-24118 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available.
osv CVSS3.1
9.8
Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 8 May 2026