{"data":{"id":"8260af40-904a-4d3f-8f55-cfda6fee144f","title":"CVE-2026-22686: Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sa","summary":"Enclave is a JavaScript sandbox (a restricted environment for running untrusted code safely) designed to isolate AI agent code execution. Before version 2.7.0, it had a critical vulnerability where attackers could escape the sandbox by triggering an error, climbing the prototype chain (the sequence of objects that inherit properties from each other) to reach the host Function constructor, and then executing arbitrary code on the underlying Node.js system with access to sensitive data like environment variables and files.","solution":"This vulnerability is fixed in version 2.7.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-22686","publishedAt":"2026-01-14T00:15:49.957Z","cveId":"CVE-2026-22686","cweIds":["CWE-94","CWE-693"],"cvssScore":"10","cvssSeverity":"critical","severity":"critical","attackType":["model_theft"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Enclave"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00203,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}