Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1.
The vulnerability (CWE-94 — improper control of generation of code) exists in the `@enclave-vm/core` component in all Enclave versions prior to 2.11.1. An attacker can construct specially crafted JavaScript code that breaks the sandbox isolation boundaries. After escaping the sandbox, arbitrary code execution is possible at the level of the host environment in which Enclave runs.
An attacker can gain full control over the system hosting the sandbox, which includes compromise of confidentiality, integrity, and availability of resources (H/H/H rating in CVSS). The vulnerability allows RCE without any required privileges or victim interaction.
Agentfront Enclave should be updated immediately to version 2.11.1 or later, where the issue has been fixed. Patch details are available in the GitHub repository (commit 09afbebe4cb6d0586c1145aa71ffabd2103932db) and in the official security advisory GHSA-f229-3862-4942.
Agentfront Enclave in all versions before 2.11.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HAgentfront Enclave
APPAgentfront< 2.11.1
Related vulnerabilities
Ucieczka z sandbox w Agentfront Enclave — RCE w środowisku Node.js
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existin...
FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-op...