CVE-2026-27597

10.0 CRITICAL

📋 TL;DR

CVE-2026-27597 is a critical sandbox escape vulnerability in Enclave, a secure JavaScript sandbox for AI agent code execution. Attackers can bypass security boundaries to achieve remote code execution (RCE) on the host system. This affects all users running Enclave versions before 2.11.1.

💻 Affected Systems

Products:
  • Enclave (@enclave-vm/core)
Versions: All versions before 2.11.1
Operating Systems: All platforms running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Any deployment using Enclave for AI agent code execution is vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the host system with full RCE, allowing attackers to execute arbitrary code, access sensitive data, and pivot to other systems.

🟠 Likely Case

RCE leading to data theft, system compromise, and potential lateral movement within the environment.

🟢 If Mitigated

Limited impact if proper network segmentation and least privilege principles are implemented, though RCE would still be possible within the sandbox's context.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The advisory suggests the vulnerability can be exploited remotely without authentication, though specific exploit details aren't public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.11.1

Vendor Advisory: https://github.com/agentfront/enclave/security/advisories/GHSA-f229-3862-4942

Restart Required: Yes

Instructions:

1. Update @enclave-vm/core to version 2.11.1 or later using npm update @enclave-vm/core.
2. Restart any services or applications using Enclave.
3. Verify the update was successful.

🔧 Temporary Workarounds

Disable Enclave Usage

all

Temporarily disable or remove Enclave from production until patched.

npm uninstall @enclave-vm/core

🧯 If You Can't Patch

  • Isolate affected systems from network access and sensitive data.
  • Implement strict network segmentation and monitor for unusual activity.

🔍 How to Verify

Check if Vulnerable:

Check package.json or run npm list @enclave-vm/core to see the installed version.

Check Version:

npm list @enclave-vm/core

Verify Fix Applied:

Confirm @enclave-vm/core version is 2.11.1 or higher using npm list @enclave-vm/core.
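
The version check above can be run against a lockfile so that nested, transitive copies of the package are covered as well. The following is an added example, not code from the advisory or the Enclave project; it assumes an npm lockfile with lockfileVersion 2 or 3, and the sample lockfile and the package names agent-host, agent-kit and other are constructed for illustration.

```javascript
// Added example: flag every installed copy of @enclave-vm/core below 2.11.1
// in an npm lockfile (lockfileVersion 2 or 3, which carry a "packages" map).
const PKG = "@enclave-vm/core";
const FIXED = [2, 11, 1]; // patched version stated on this page

// True when `version` sorts below 2.11.1 under semver ordering.
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(version);
  if (!m) return true; // unparseable version: fail closed and report it
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (core[i] !== FIXED[i]) return core[i] < FIXED[i];
  }
  // Same core version: a pre-release such as 2.11.1-rc.1 precedes 2.11.1.
  return m[4] !== undefined;
}

// Returns [{ path, version }] for each vulnerable copy, nested ones included.
function findVulnerable(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/" + PKG)) continue;
    if (isVulnerable(String(meta.version))) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "agent-host", version: "1.0.0" },
    "node_modules/@enclave-vm/core": { version: "2.11.1" },
    "node_modules/agent-kit/node_modules/@enclave-vm/core": { version: "2.10.4" },
    "node_modules/other/node_modules/@enclave-vm/core": { version: "2.11.1-rc.1" },
  },
};

// For a real project: JSON.parse(fs.readFileSync("package-lock.json", "utf8"))
console.log(findVulnerable(sampleLock));
```

An empty result means no copy below 2.11.1 is recorded in the lockfile; any entry returned names the node_modules path that still needs updating.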

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawns from Node.js applications
  • Errors or warnings related to Enclave sandbox violations

Network Indicators:

  • Unexpected outbound connections from systems running Enclave

SIEM Query:

Process creation events where parent process is node.exe and command line contains enclave-related strings
