24 matches found
Node.js Module @enclave-vm/core < 2.11.0 RCE
The version of the @enclave-vm/core Node.js module installed on the remote host is prior to 2.11.0. It is, therefore, affected by a remote code execution vulnerability: - It is possible to escape the security boundaries of the sandbox, which can be used to achieve remote code execution...
@enclave-vm/core is vulnerable to Sandbox Escape
Summary: It is possible to escape the security boundaries set by @enclave-vm/core, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1. Details: It is possible to obtain the native Object constructor instead of the SafeObject wrapper. This can be...
Arbitrary Code Injection
Overview: @enclave-vm/ast is a production-ready, extensible AST validator for JavaScript with rule-based validation. Affected versions of this package are vulnerable to Arbitrary Code Injection by escaping the enclave sandbox. An attacker can pollute the Object constructor rather than the intended...
CVE-2026-27597 @enclave-vm/core is vulnerable to Sandbox Escape
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundaries set by @enclave-vm/core, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1...
CVE-2026-27597
Summary: CVE-2026-27597 affects Enclave’s secure JavaScript sandbox with a vulnerability in the @enclave-vm/core boundaries prior to 2.11.1, allowing an attacker to escape the sandbox and achieve remote code execution. The issue is mitigated by upgrading to version 2.11.1, where the boundary esca...
Infinite loop
Overview: @enclave-vm/core is a sandbox runtime for secure JavaScript code execution. Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that explo...
@frontmcp/adapters (>=0.5.0 <=0.8.0), @frontmcp/plugin-approval (>=0.7.1 <=0.8.0) +9 more potentially affected by CVE-2026-25533 via enclave-vm (>=1.0.3 <=2.7.0)
enclave-vm NPM version =1.0.3, =0.5.0, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.5.0, =0.5.0, =0.5.0, =0.6.1, =0.8.0 - frontmcp =0.5.0 Source cves: CVE-2026-25533 Source advisory: OSV:GHSA-X39W-8VM5-5M3P...
@enclave-vm/broker (>=0.0.1 <=2.10.0), @enclave-vm/runtime (>=0.0.1 <=2.10.0) potentially affected by CVE-2026-25533 via @enclave-vm/core (>=0.0.1 <=2.10.0)
@enclave-vm/core NPM version =0.0.1, =0.0.1, =0.0.1, =2.10.0 Source cves: CVE-2026-25533 Source advisory: OSV:GHSA-X39W-8VM5-5M3P...
@enclave-vm/broker (=2.10.0), @enclave-vm/runtime (=2.10.0) potentially affected by CVE-2026-25533 via @enclave-vm/core (=2.10.0)
@enclave-vm/core NPM version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @enclave-vm/core and may be impacted: - @enclave-vm/broker =2.10.0 - @enclave-vm/runtime =2.10.0 Source cves: CVE-2026-25533 Source advisory:...
Infinite loop
Overview: enclave-vm is a sandbox runtime for secure JavaScript code execution. Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that exploit hos...
Sandbox escape via infinite recursion and error objects
Note: The npm package has moved to @enclave-vm/core (formerly enclave-vm). All fixed versions and guidance refer to @enclave-vm/core. Summary: The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...
@frontmcp/adapters (>=0.5.0 <=0.8.0), @frontmcp/plugin-approval (>=0.7.1 <=0.8.0) +9 more potentially affected by CVE-2026-25533 via enclave-vm (>=1.0.3 <=2.7.0)
enclave-vm NPM version =1.0.3, =0.5.0, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.5.0, =0.5.0, =0.5.0, =0.6.1, =0.8.0 - frontmcp =0.5.0 Source cves: CVE-2026-25533 Source advisory: SNYK:JS-ENCLAVEVM-15248348...
PT-2026-6649
Name of the Vulnerable Software and Affected Versions: enclave-vm versions prior to 2.10.1; @enclave-vm/core versions prior to 2.10.1. Description: The security measures within enclave-vm are inadequate. The Abstract Syntax Tree (AST) sanitization can be circumvented using dynamic property accesses. Th...
CVE-2026-22686
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...
enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
A critical sandbox escape vulnerability exists in enclave-vm (affected: 2.6.0, patched: 2.7.0) that can allow untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Erro...
@frontmcp/adapters (>=0.5.0 <=0.6.3), @frontmcp/plugins (>=0.5.0 <=0.6.3) +4 more potentially affected by CVE-2026-22686 via enclave-vm (=1.0.3)
enclave-vm NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on enclave-vm and may be impacted: - @frontmcp/adapters =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.6.1, =0.6.3 - frontmcp =0.5.0 Source cves: CVE-2026-22686 Source advisory:...
GHSA-7QM7-455J-5P63 enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
A critical sandbox escape vulnerability exists in enclave-vm (affected: 2.6.0, patched: 2.7.0) that can allow untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Erro...
CVE-2026-22686
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...
Protection Mechanism Failure
Overview: enclave-vm is a sandbox runtime for secure JavaScript code execution. Affected versions of this package are vulnerable to Protection Mechanism Failure via the exposure of a host-side Error object to sandboxed code, which retains its host realm prototype chain. An attacker can intentionall...
CVE-2026-22686
The CVE-2026-22686 issue affects enclave-vm prior to version 2.7.0. A sandbox escape exists when a tool invocation fails and a host-side Error object is leaked into the sandbox, allowing traversal of the host realm prototype chain to reach the host Function constructor. This enables arbitrary cod...