VM2 Sandbox Breakout Through lookupGetter

Description

A vulnerability was found in patriksimek vm2 up to 3.10.x. It has been classified as critical. This vulnerability affects unknown code. Performing a manipulation results in code injection. This vulnerability was named CVE-2026-24118. The attack may be initiated remotely.

Affected Products

Vendor	Product	Versions
vm2	vm2	< 3.11.0

References

https://github.com/patriksimek/vm2/security/advisories/GHSA-grj5-jjm8-h35p(x_refsource_CONFIRM)
https://github.com/patriksimek/vm2/commit/2b5f3e3a060d9088f5e1cdd585d683d491f990a3(x_refsource_MISC)
https://github.com/patriksimek/vm2/commit/f9b700b1c7d9ef2df416666cb24e0b659140cc74(x_refsource_MISC)
https://github.com/patriksimek/vm2/releases/tag/v3.11.0(x_refsource_MISC)

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2026-24118 | patriksimek vm2 up to 3.10.x code injection (GHSA-grj5-jjm8-h35p)

→ No new info (linked only)

VM2 Sandbox Breakout Through lookupGetter

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History

VM2 Sandbox Breakout Through __lookupGetter__

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History

VM2 Sandbox Breakout Through lookupGetter