A vulnerability described as critical has been identified in patriksimek vm2 up to 3.11.3 . This affects the function Promise.prototype.finally . Such manipulation leads to dynamically-managed code resources. This vulnerability is uniquely identified as CVE-2026-47210 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.