A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Kyndryl Holdings is rated Strong Buy after a 40% drawdown, with improving margins, bookings, and FY26 growth inflection.