CVE-2026-27597

CRITICAL
10.0
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:55 (vuln.today)
PoC Detected: Feb 27, 2026 - 18:27 (vuln.today). Public exploit code.
Patch Released: Feb 27, 2026 - 18:27 (nvd). Patch available.
CVE Published: Feb 25, 2026 - 04:16 (nvd). CRITICAL 10.0.

Description

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundaries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1.

Analysis

Sandbox escape in Enclave JavaScript sandbox before 2.11.1. Enclave is designed for safe AI agent code execution — the escape allows agents to execute arbitrary code outside the sandbox. …


Remediation

Within 24 hours: Identify all systems running Enclave versions <2.11.1 and assess their exposure to untrusted code sources; isolate critical instances if patching cannot be completed immediately. Within 7 days: Apply vendor patch to version 2.11.1 or later across all affected systems; verify patch deployment through version scanning. …


Priority Score

71
KEV: 0
EPSS: +0.5
CVSS: +50
POC: +20
