CVE-2026-22686
Sandbox Escape in enclave-vm Allows Arbitrary Host Code Execution
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| unknown_vendor | enclave-vm | to 2.6.0 (exc) |
| unknown_vendor | enclave-vm | 2.7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22686 is a critical sandbox escape vulnerability in the enclave-vm JavaScript sandbox. When a tool invocation fails, the sandbox exposes a host-side Error object to the sandboxed code. This Error object retains its host prototype chain, allowing an attacker to traverse it to reach the host's Function constructor. By triggering a host error and climbing this prototype chain, an attacker can compile and execute arbitrary JavaScript code in the host Node.js runtime, bypassing the sandbox's isolation and gaining access to sensitive host resources like environment variables, filesystem, and network. This breaks the core security guarantee of enclave-vm. The vulnerability is fixed in version 2.7.0. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, given that the vulnerability allows arbitrary code execution in the host environment and access to sensitive resources like environment variables, filesystem, and network, it could potentially lead to unauthorized data access or data breaches, which may affect compliance with data protection regulations. Specific compliance implications are not detailed in the provided text. [1, 2]
How can this vulnerability impact me?
This vulnerability allows an attacker to escape the sandbox and execute arbitrary code in the host Node.js runtime. This means the attacker can access sensitive resources such as environment variables (process.env), the filesystem, and network capabilities. This can lead to full compromise of the host system running enclave-vm, including data theft, unauthorized system access, and potential further exploitation or disruption of services. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading enclave-vm to version 2.7.0 or later, which contains the fix for this vulnerability. Additionally, mitigation strategies involve re-creating all Error objects crossing the sandbox boundary inside the sandbox realm to avoid exposing host prototypes, stripping or freezing prototype chains of host objects to prevent prototype chain traversal, preventing access to host Function constructors from sandboxed code, and hardening tool error handling to avoid leaking host-native objects. [2]
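One way to apply the mitigations listed above (errors re-created inside the sandbox realm, no host-native objects leaking from tool error handling), shown as an added example that is not enclave-vm's code or part of the advisory. The names `hostInvoke`, `callTool`, `createSandbox`, `leaksHostRealm` and the `readConfig` tool are hypothetical, and `node:vm` is used only to obtain a second realm.

```javascript
const vm = require('node:vm'); // supplies a second realm only; node:vm alone is not a security boundary

// Host side: report every outcome as a JSON string, so no host object or
// host exception is ever handed to sandboxed code.
function hostInvoke(tools, name, jsonArgs) {
  try {
    const value = tools.get(name)(JSON.parse(jsonArgs));
    return JSON.stringify({ ok: true, value: value ?? null });
  } catch (err) {
    // Copy primitive strings only; the stack is dropped so host paths stay private.
    return JSON.stringify({ ok: false, name: String(err?.name ?? 'Error'),
      message: String(err?.message ?? 'tool call failed') });
  }
}

// Sandbox side: compiled in the sandbox realm, so thrown Errors carry sandbox prototypes.
const BRIDGE_SRC = `(function (invoke) {
  'use strict';
  return function callTool(name, args) {
    const n = String(name), a = JSON.stringify(args ?? null);
    let raw;
    try { raw = invoke(n, a); } catch { throw new Error('tool bridge failure'); }
    const r = JSON.parse(raw);
    if (r.ok) return r.value;
    throw Object.assign(new Error(r.message), { name: r.name, stack: r.name + ': ' + r.message });
  };
})`;

function createSandbox(tools) {
  const context = vm.createContext(Object.create(null)); // no host Object.prototype behind globals
  context.callTool = vm.runInContext(BRIDGE_SRC, context)((n, a) => hostInvoke(tools, n, a));
  return context;
}

// Regression check: true if any prototype on the chain is a host-realm intrinsic.
function leaksHostRealm(value) {
  const host = new Set([Object.prototype, Function.prototype, Error.prototype]);
  for (let p = Object.getPrototypeOf(value); p !== null; p = Object.getPrototypeOf(p)) {
    if (host.has(p)) return true;
  }
  return false;
}

// Constructed scenario: a failing tool, and a sandboxed script that returns what it caught.
function runFailingTool() {
  const tools = new Map([['readConfig', () => { throw new TypeError('config unavailable'); }]]);
  const script = '(function () { try { callTool("readConfig", {}); } catch (e) { return e; } })()';
  return vm.runInContext(script, createSandbox(tools));
}
```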