CVE-2026-27597
published 2026-02-25


Priority: P2 68 · critical · 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.88% (54.5th percentile)

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundaries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| agentfront | enclave | < 2.11.1 | 2.11.1 |
| enclave-vm | core | >= 0 < 2.11.1 | 2.11.1 |