Description

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Error object retains its host realm prototype chain, which can be traversed to reach the host Function constructor. An attacker can intentionally trigger a host error, then climb the prototype chain. Using the host Function constructor, arbitrary JavaScript can be compiled and executed in the host context, fully bypassing the sandbox and granting access to sensitive resources such as process.env, filesystem, and network. This breaks enclave-vm’s core security guarantee of isolating untrusted code. This vulnerability is fixed in 2.7.0.

INFO

Published Date :

2026-01-13T23:11:49.098Z

Last Modified :

2026-01-14T14:33:18.579Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22686 vulnerability.

Vendors Products
Agentfront
  • Enclave
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22686.

URL Resource
https://github.com/agentfront/enclave/commit/ed8bc438b2cd6e6f0b5f2de321e5be6f0169b5a1 cve-icon cve-icon
https://github.com/agentfront/enclave/security/advisories/GHSA-7qm7-455j-5p63 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact