CVE-2026-27597

{"id": "CVE-2026-27597", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2026-02-25T04:16:03.557", "references": [{"url": "https://github.com/agentfront/enclave/commit/09afbebe4cb6d0586c1145aa71ffabd2103932db", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/agentfront/enclave/security/advisories/GHSA-f229-3862-4942", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1."}, {"lang": "es", "value": "Enclave es un sandbox seguro de JavaScript dise\u00f1ado para la ejecuci\u00f3n segura de c\u00f3digo de agentes de IA. Antes de la versi\u00f3n 2.11.1, es posible evadir los l\u00edmites de seguridad establecidos por `@enclave-vm/core`, lo que puede utilizarse para lograr ejecuci\u00f3n remota de c\u00f3digo (RCE). El problema ha sido solucionado en la versi\u00f3n 2.11.1."}], "lastModified": "2026-02-27T18:27:17.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:agentfront:enclave:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "77757A08-0B36-4B41-9474-A7AD214D4FB0", "versionEndExcluding": "2.11.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}