CVE-2026-43998 | patriksimek vm2 3.10.5 path.resolve link following (GHSA-cp6g-6699-wx9c)

A vulnerability classified as critical has been found in patriksimek vm2 3.10.5. This vulnerability affects the function path.resolve. Performing a manipulation results in link following.

This vulnerability was named CVE-2026-43998. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More