CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2026-26332 – vm2: Sandbox Escape
https://notcve.org/view.php?id=CVE-2026-26332
04 May 2026 — vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. • https://github.com/patriksimek/vm2/releases/tag/v3.11.0 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-693: Protection Mechanism Failure •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2026-7345
https://notcve.org/view.php?id=CVE-2026-7345
28 Apr 2026 — Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2026-7350
https://notcve.org/view.php?id=CVE-2026-7350
28 Apr 2026 — Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2026-7352
https://notcve.org/view.php?id=CVE-2026-7352
28 Apr 2026 — Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2026-7353
https://notcve.org/view.php?id=CVE-2026-7353
28 Apr 2026 — Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-7354
https://notcve.org/view.php?id=CVE-2026-7354
28 Apr 2026 — Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-7359
https://notcve.org/view.php?id=CVE-2026-7359
28 Apr 2026 — Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2026-7333
https://notcve.org/view.php?id=CVE-2026-7333
28 Apr 2026 — Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-7343
https://notcve.org/view.php?id=CVE-2026-7343
28 Apr 2026 — Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-7344
https://notcve.org/view.php?id=CVE-2026-7344
28 Apr 2026 — Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •