CVE-2026-27597
Enclave · enclave-vm
A security boundary escape vulnerability in the Enclave JavaScript sandbox core allows attackers to bypass restrictions and achieve remote code execution (RCE).
Executive summary
A critical vulnerability in Enclave allows for a complete escape of the JavaScript sandbox, enabling unauthorized remote code execution on the host system.
Vulnerability
This flaw exists within the @enclave-vm/core component, where insufficient isolation allows code to break out of the intended sandbox environment. An attacker capable of submitting code for execution can leverage this escape to execute arbitrary commands with the privileges of the sandbox process.
Business impact
Successful exploitation of this vulnerability results in full system compromise, as the primary security control of the product—the sandbox—is rendered ineffective. Given the CVSS score of 10.0, this represents the highest possible risk, potentially leading to total loss of confidentiality, integrity, and availability of the host infrastructure and sensitive AI agent data.
Remediation
Immediate Action: Administrators must upgrade the Enclave environment to version 2.11.1 or later to restore sandbox integrity.
Proactive Monitoring: Implement strict logging of sandbox execution attempts and monitor for unusual system calls or outbound network connections originating from the sandbox process.
Compensating Controls: Restrict the permissions of the user account running the Enclave process to the absolute minimum required to limit the impact of a potential escape.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability represents a total failure of the product's primary security function. Organizations utilizing Enclave for AI agent execution must prioritize the application of the version 2.11.1 patch immediately. Failure to do so leaves the underlying infrastructure exposed to complete remote takeover.