CVE-2026-27597: Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possibl
critical vulnerability
security
Summary
Enclave is a secure JavaScript sandbox designed to safely run code from AI agents, but versions before 2.11.1 had a vulnerability that allowed attackers to escape the security boundaries and achieve RCE (remote code execution, where an attacker can run commands on a system they don't own). This weakness is related to code injection (CWE-94, a type of bug where untrusted input is used to generate code that gets executed).
Solution / Mitigation
Update to version 2.11.1 or later, which fixes the issue.
Vulnerability Details
CVSS Score
10 (critical)
EPSS (30-day exploit probability)
EPSS: 0.5%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
integrity, confidentiality, availability
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-27597
First tracked: February 25, 2026 at 03:07 AM
Classified by LLM (prompt v3) · confidence: 92%