A significant flaw has been discovered in the widely-used Node.js sandboxing library, vm2, enabling attackers to break free from the sandbox and execute arbitrary code on the host machine. This security vulnerability, designated as CVE-2026-26956, has been confirmed to affect vm2 version 3.10.4, with earlier versions potentially also at risk. Recently, proof-of-concept exploit code has come to...