CVE-2026-27597
published 2026-02-25CVE-2026-27597: Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries…
PriorityP268critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
0.88%
54.5th percentile
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agentfront | enclave | < 2.11.1 | 2.11.1 |
| enclave-vm | core | >= 0 < 2.11.1 | 2.11.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
@enclave-vm/core is vulnerable to Sandbox Escape
osv·2026-02-25
CVE-2026-27597 [CRITICAL] @enclave-vm/core is vulnerable to Sandbox Escape
@enclave-vm/core is vulnerable to Sandbox Escape
## Summary
It is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE).
The issue has been fixed in version **2.11.1**.
---
## Details
It is possible to obtain the native `Object` constructor (instead of the `SafeObject` wrapper). This can be used to get retrieve property descriptors via `Object.getOwnPropertyDescriptors`, allowing access to properties otherwise restricted by the sandbox.
When a memory limit is set (which is the default), `__host_memory_track__`, a host object, can be used to escape via the host function constructor.
When this is not the case, a host reference can be obtained via Node's `nodejs.util.inspect.custom` symbol (which can be triggere
GHSA
@enclave-vm/core is vulnerable to Sandbox Escape
ghsa·2026-02-25
CVE-2026-27597 [CRITICAL] CWE-94 @enclave-vm/core is vulnerable to Sandbox Escape
@enclave-vm/core is vulnerable to Sandbox Escape
## Summary
It is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE).
The issue has been fixed in version **2.11.1**.
---
## Details
It is possible to obtain the native `Object` constructor (instead of the `SafeObject` wrapper). This can be used to get retrieve property descriptors via `Object.getOwnPropertyDescriptors`, allowing access to properties otherwise restricted by the sandbox.
When a memory limit is set (which is the default), `__host_memory_track__`, a host object, can be used to escape via the host function constructor.
When this is not the case, a host reference can be obtained via Node's `nodejs.util.inspect.custom` symbol (which can be triggere
No detection rules found.
No public exploits indexed.
2026-02-25
Published