CVE-2026-27597
- Source
- https://cve.org/CVERecord?id=CVE-2026-27597
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27597.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-27597
- Aliases
- Published
- 2026-02-25T03:56:25.927Z
- Modified
- 2026-03-03T01:23:47.343647Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- @enclave-vm/core is vulnerable to Sandbox Escape
- Details
-
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by
@enclave-vm/core, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27597.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-94" ] }- References
Affected packages
Git / github.com/agentfront/enclave
Affected ranges
- Type
- GIT
- Repo
- https://github.com/agentfront/enclave
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
ast-guard@1.*
ast-guard@1.1.0
ast-guard@1.1.1
ast-guard@1.1.2
ast-guard@2.*
ast-guard@2.0.0
ast-guard@2.1.0
ast-guard@2.2.0
ast-guard@2.3.0
ast-guard@2.4.0
enclave-vm@1.*
enclave-vm@1.0.2
enclave-vm@1.0.3
enclave-vm@2.*
enclave-vm@2.0.0
enclave-vm@2.1.0
enclave-vm@2.2.0
enclave-vm@2.3.0
enclave-vm@2.4.0
enclave-vm@2.5.0
enclave-vm@2.6.0
enclave-vm@2.7.0
v1.*
v1.0.0
v1.1.0
v2.*
v2.0.0
v2.11.0
vectoriadb@2.*
vectoriadb@2.0.0
vectoriadb@2.0.1
vectoriadb@2.0.2