Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm…

A critical sandbox escape vulnerability in enclave-vm prior to version 2.7.0 allows untrusted JavaScript code to execute arbitrary code in the host Node.js runtime. The vulnerability occurs when tool invocations fail and enclave-vm exposes a host-side Error object to sandboxed code. Attackers can traverse the prototype chain to reach the host Function constructor, enabling arbitrary JavaScript execution in the host context. This bypasses the sandbox entirely, granting access to sensitive resources including process.env, filesystem, and network. The vulnerability breaks enclave-vm's core security guarantee of isolating untrusted code and has been fixed in version 2.7.0.