#promise-sanitization

#promise-sanitization

CVE-2026-22709 in vm2 allows sandbox escape via Promise callback sanitization flaws, enabling arbitrary code execution on the host.