Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27597 is a critical security vulnerability in the npm package `@enclave-vm/core`, a secure JavaScript sandbox used for safe AI agent code execution. Prior to version 2.11.1, attackers could escape the sandbox's security boundaries by exploiting improper isolation of intrinsic objects and unsafe access to constructors."}, {'type': 'paragraph', 'content': "This escape allows attackers to obtain the native JavaScript Object constructor instead of the sandbox's SafeObject wrapper, enabling them to access restricted properties and ultimately execute arbitrary code on the host system remotely (remote code execution or RCE)."}, {'type': 'paragraph', 'content': "The vulnerability involves bypassing sandbox protections through techniques such as leveraging the host object `__host_memory_track__` when memory limits are set, or exploiting Node.js's `nodejs.util.inspect.custom` symbol when no memory limit is set. These methods allow attackers to run system commands outside the sandbox."}, {'type': 'paragraph', 'content': 'The issue was fixed in version 2.11.1 by strengthening intrinsic object isolation, improving console isolation, hardening host callback exposure paths, closing AST validation gaps, and adding defensive checks around constructor access and prototype traversal.'}] [2, 1]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can have severe impacts because it allows untrusted code running inside an Enclave instance to fully escape the sandbox environment and execute arbitrary commands on the host system remotely.'}, {'type': 'paragraph', 'content': "Such remote code execution (RCE) can lead to complete compromise of the host system's confidentiality, integrity, and availability."}, {'type': 'list_item', 'content': 'Attackers can run arbitrary system commands, potentially gaining full control over the host.'}, {'type': 'list_item', 'content': 'Sensitive data on the host system can be exposed or altered.'}, {'type': 'list_item', 'content': 'System stability and availability can be disrupted by malicious actions.'}, {'type': 'paragraph', 'content': 'Because the vulnerability requires no privileges or user interaction and has a network attack vector with low complexity, it poses a critical risk to any system using vulnerable versions of the package.'}] [2]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'Detection of this vulnerability involves analyzing JavaScript code for disallowed identifiers that can lead to sandbox escape, particularly in object coercion scenarios.'}, {'type': 'paragraph', 'content': 'A validation framework using a DisallowedIdentifierRule and a JSAstValidator can be employed to scan JavaScript Abstract Syntax Trees (ASTs) for unsafe usage of identifiers such as "constructor", "__proto__", and "prototype".'}, {'type': 'paragraph', 'content': 'Tests include checking for disallowed identifiers returned by toString or valueOf methods in objects, as well as their use in computed property keys, template literals, conditional expressions, and other complex JavaScript expressions.'}, {'type': 'paragraph', 'content': 'While no specific network or system commands are provided, detection requires static code analysis tools or custom scripts that parse JavaScript ASTs to identify these patterns.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

The primary immediate mitigation step is to upgrade the affected npm package `@enclave-vm/core` to version 2.11.1 or later, where the vulnerability has been fixed.

The fix includes strengthened intrinsic object isolation, improved console isolation, hardened host callback exposure paths, closed AST validation gaps, and additional defensive checks around constructor access and prototype traversal.

Until the upgrade can be applied, avoid running untrusted code inside Enclave instances, as the vulnerability allows remote code execution and full sandbox escape.

Useful 0 Not Useful 0