9 matches found
CVE-2026-27597
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1...
EUVD-2026-8617
@enclave-vm/core is vulnerable to Sandbox Escape...
CVE-2026-27597 @enclave-vm/core is vulnerable to Sandbox Escape
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1...
CVE-2026-27597
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1...
PT-2026-21851
Name of the Vulnerable Software and Affected Versions Enclave versions prior to 2.11.1 Description Enclave is a secure JavaScript sandbox used for safe AI agent code execution. A critical security flaw exists in versions prior to 2.11.1, allowing an attacker to escape the sandbox boundaries and...
CVE-2026-25533
Enclave (enclave-vm) prior to version 2.10.1 contains multiple sandbox weaknesses: AST sanitization can be bypassed with dynamic property accesses; error object hardening does not cover vm module peculiarities; and function constructor access can be circumvented via host object references. The is...
EUVD-2026-5565
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...