Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Root VM2 Package Allows Unauthorized Access
ROOT-APP-NPM-CVE-2026-44008
Summary
A security patch has been released for Root's VM2 package. If not updated, attackers could potentially gain unauthorized access to Root systems. Update to the latest version of the package to ensure security.
What to do
- Update rootio @rootio/vm2 to version 3.10.5-root.io.5.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/vm2 |
< 3.10.5-root.io.5 Fix: upgrade to 3.10.5-root.io.5
|
Original title
CVE-2026-44008 in @rootio/vm2 - Patched by Root
Original description
Root has patched CVE-2026-44008 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available.
osv CVSS3.1
9.8
Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 18 May 2026