CVE-2026-27597

CRITICAL

Enclave <2.11.1 - RCE

Title source: llm

Description

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1.

Exploits (1)

nomisec SUSPICIOUS

by NetVanguard-cmd · poc

https://github.com/NetVanguard-cmd/CVE-2026-27597

View Code ZIP pw:eip

References (2)

[Patch] https://github.com/agentfront/enclave/commit/09afbebe4cb6d0586c1145aa71ffabd2103932db

View Patch ZIP pw:eip

[Vendor Advisory] https://github.com/agentfront/enclave/security/advisories/GHSA-f229-3862-4942

Scores

CVSS v3 10.0

EPSS 0.0074

EPSS Percentile 73.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (2)

agentfront/enclave < 2.11.1

enclave-vm/core 0 - 2.11.1npm

Published Feb 25, 2026

Tracked Since Feb 25, 2026