2 matches found
CVE-2026-22686
The CVE-2026-22686 issue affects enclave-vm prior to version 2.7.0. A sandbox escape exists when a tool invocation fails and a host-side Error object is leaked into the sandbox, allowing traversal of the host realm prototype chain to reach the host Function constructor. This enables arbitrary cod...
CVE-2026-27597
Summary: CVE-2026-27597 affects Enclave’s secure JavaScript sandbox with a vulnerability in the @enclave-vm/core boundaries prior to 2.11.1, allowing an attacker to escape the sandbox and achieve remote code execution. The issue is mitigated by upgrading to version 2.11.1, where the boundary esca...