CVE-2026-22686

10.0 CRITICAL

📋 TL;DR

CVE-2026-22686 is a critical sandbox escape vulnerability in enclave-vm that allows untrusted JavaScript code to execute arbitrary code in the host Node.js runtime. By intentionally triggering a host error and traversing the prototype chain, attackers can bypass the sandbox completely and access sensitive host resources. This affects all users running enclave-vm versions before 2.7.0.

💻 Affected Systems

Products:
  • enclave-vm
Versions: All versions prior to 2.7.0
Operating Systems: All platforms running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Any configuration using enclave-vm for JavaScript sandboxing is vulnerable. The vulnerability exists in the core sandbox mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the host system: attackers can execute arbitrary code, access environment variables, the filesystem and network resources, and potentially pivot to other systems.

🟠 Likely Case

Data exfiltration, credential theft, and unauthorized access to sensitive resources within the host environment.

🟢 If Mitigated

Limited impact if network segmentation and least-privilege principles are in place, but sandbox isolation is still completely broken.

🌐 Internet-Facing: HIGH - Any internet-facing service using vulnerable enclave-vm could be fully compromised.
🏢 Internal Only: HIGH - Even internal services are vulnerable to authenticated or network-accessible attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires triggering a tool invocation error, which can be done intentionally by sandboxed code. Public advisory includes technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.0

Vendor Advisory: https://github.com/agentfront/enclave/security/advisories/GHSA-7qm7-455j-5p63

Restart Required: Yes

Instructions:

1. Update enclave-vm to version 2.7.0 or later with npm update enclave-vm.
2. Restart any services using enclave-vm.
3. Verify the update was successful.

🔧 Temporary Workarounds

Disable enclave-vm usage

Applies to: all

Temporarily disable or remove enclave-vm from production until patched:

npm uninstall enclave-vm

🧯 If You Can't Patch

  • Isolate affected systems in a restricted network segment with no sensitive data access
  • Implement strict input validation and monitoring for any enclave-vm error conditions

🔍 How to Verify

Check if Vulnerable:

Check package.json, or run npm list enclave-vm, to see whether the installed version is below 2.7.0.

Check Version:

npm list enclave-vm | grep enclave-vm

Verify Fix Applied:

Confirm enclave-vm version is 2.7.0 or higher using npm list enclave-vm
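
As an added check (example code, not part of this advisory or the enclave-vm project), the script below walks the JSON tree that npm ls --all --json produces and flags every installed enclave-vm copy below 2.7.0, including transitive copies nested under other packages; the tree it runs on here is a constructed sample embedded inline.

```javascript
// Added example, not code from the advisory or the enclave-vm project.
// Walks the JSON produced by `npm ls --all --json` and reports every
// installed copy of enclave-vm older than the fixed release (2.7.0).
const FIXED_VERSION = '2.7.0';

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// True when `version` is strictly below `fixed`. A pre-release of the fixed
// version (e.g. 2.7.0-rc.1) sorts before the release and still counts as vulnerable.
function isVulnerable(version, fixed = FIXED_VERSION) {
  const a = parseSemver(version), b = parseSemver(fixed);
  for (const k of ['major', 'minor', 'patch']) {
    if (a[k] !== b[k]) return a[k] < b[k];
  }
  return a.pre !== null && b.pre === null;
}

// Recursively collect vulnerable enclave-vm entries as "parent > child" paths.
function findVulnerableCopies(tree, path = [], out = []) {
  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    const version = info && info.version;           // deduped entries may omit it
    const here = [...path, `${name}@${version || '?'}`];
    if (name === 'enclave-vm' && typeof version === 'string' && isVulnerable(version)) {
      out.push(here.join(' > '));
    }
    if (info) findVulnerableCopies(info, here, out);
  }
  return out;
}

// Constructed sample in the shape of `npm ls --all --json` output: the
// top-level copy is patched, but another package still bundles an old one.
const sampleTree = {
  name: 'example-app',
  dependencies: {
    'enclave-vm': { version: '2.7.0' },
    'some-agent-lib': {
      version: '1.4.2',
      dependencies: { 'enclave-vm': { version: '2.6.3' } },
    },
  },
};

const hits = findVulnerableCopies(sampleTree);
console.log(hits.length ? `VULNERABLE:\n${hits.join('\n')}` : 'no vulnerable enclave-vm copies');
```

To run it against a real install, replace sampleTree with the parsed output of npm ls --all --json from the project directory.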

📡 Detection & Monitoring

Log Indicators:

  • Unusual error patterns from enclave-vm
  • Multiple tool invocation failures
  • Unexpected process spawns from Node.js runtime

Network Indicators:

  • Unexpected outbound connections from Node.js processes
  • Data exfiltration patterns

SIEM Query:

process.name:node AND (error_message:*enclave* OR process.args:*Function*constructor*)
