Critical (10.0)

CVE-2026-27597: Enclave


Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundaries set by `@enclave-vm/core`, which can be use...

Affected: Java

Overview

A critical security vulnerability has been identified in Enclave, a secure JavaScript sandbox used for safely executing AI agent code. This flaw allowed an attacker to break out of the sandbox’s security boundaries, potentially leading to a complete compromise of the host system.

Vulnerability Details

Enclave is designed to run untrusted code, like that from AI agents, in a tightly controlled, isolated environment (a sandbox). This prevents the code from accessing sensitive system resources or data. The vulnerability, present in versions prior to 2.11.1 of the @enclave-vm/core package, was a flaw in these isolation mechanisms. A malicious actor could craft specific code to “escape” the sandbox, bypassing all intended security restrictions.

Potential Impact

The impact of this vulnerability is severe. Successful exploitation leads to Remote Code Execution (RCE). This means an attacker could run arbitrary commands or software on the underlying server hosting the Enclave sandbox. Consequences include:

  • Full system compromise and data theft.
  • Installation of malware or ransomware.
  • Use of the server as a foothold to attack other internal systems.
  • Disruption or manipulation of the AI agents and their functions.

With a maximum CVSS score of 10.0, this is considered a critical threat that requires immediate action.

Remediation and Mitigation

The primary and essential remediation is to update the software immediately.

1. Immediate Update (Recommended Action): Upgrade the @enclave-vm/core package to version 2.11.1 or later. This version contains the fix that properly enforces the sandbox security boundaries. Update your application dependencies using your standard package manager (e.g., npm, yarn).

npm update @enclave-vm/core

2. Verification: After updating, verify that your application is running version 2.11.1 or newer. You can check this in your package.json file or by running:

npm list @enclave-vm/core

3. For Systems That Cannot Update Immediately: If an immediate update is not possible, consider temporarily disabling or isolating instances running the vulnerable versions of Enclave, especially if they process untrusted AI agent code from external sources. There is no known effective workaround other than applying the patch.
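The version check from step 2 can also be run against the lockfile, which records the exact version of every installed copy, including copies nested under other dependencies. The following Node.js function is an added example, not code from the advisory or the Enclave project; it takes an already parsed package-lock.json object, and the sample lockfile and the `agent-runner` dependency name are constructed for illustration.

```javascript
// Added example: package name and fixed version come from the advisory.
const PKG = "@enclave-vm/core";
const FIXED = [2, 11, 1];

// True when `version` sorts before 2.11.1. Unparseable versions and
// pre-releases of 2.11.1 (e.g. 2.11.1-rc.1) are conservatively flagged.
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(version));
  if (!m) return true;
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return m[4] !== undefined;
}

// Walk a parsed npm lockfile (v2/v3 "packages" map, or the nested
// "dependencies" tree of a v1 lockfile) and return every vulnerable copy.
function findVulnerable(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PKG) && isVulnerable(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && isVulnerable(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample (not from the advisory): the top-level copy is patched,
// but a hypothetical dependency "agent-runner" still carries an older one.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@enclave-vm/core": { version: "2.11.1" },
    "node_modules/agent-runner": { version: "0.4.0" },
    "node_modules/agent-runner/node_modules/@enclave-vm/core": { version: "2.10.3" },
  },
};
console.log(findVulnerable(sampleLock));
```

An empty result means every installed copy is at 2.11.1 or later; any entry returned identifies a path that still needs the upgrade.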

All users and administrators leveraging Enclave for AI agent code execution should prioritize this update to protect their systems from potential exploitation.
