CVE-2026-22686: enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
A critical sandbox escape vulnerability exists in enclave-vm (affected: < 2.6.0, patched: 2.7.0) that can allow untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime.
When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Error object retains its host realm prototype chain, which can be traversed to reach the host Function constructor:
Error instance → Error.prototype → Error constructor → Function constructor
With access to the host Function constructor, an attacker can compile and execute arbitrary JavaScript in the host context — bypassing the sandbox boundary and potentially gaining access to sensitive resources such as process.env, filesystem, and network.
This breaks enclave-vm’s core security guarantee of isolating untrusted code.
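The chain above can be checked from the defender's side. The following is an added example, not enclave-vm code and not the project's patch: it uses Node's built-in `vm` module as a stand-in for the sandbox, and `newSandbox`, `leaksHostFunction` and `toSandboxError` are hypothetical helper names. It tests whether a value handed to sandboxed code reaches the host `Function` constructor, and shows one mitigation pattern: rebuilding the error inside the sandbox realm from primitive strings.

```javascript
// Added example: not enclave-vm code. Node's built-in vm module stands in for
// the sandbox; all helper names are hypothetical.
const vm = require('node:vm');

function newSandbox() {
  return vm.createContext({});
}

// Runs inside the sandbox realm and follows the advisory's chain:
// value -> prototype -> constructor -> constructor's constructor.
// It only returns what it reached; nothing is compiled or executed through it.
const PROBE = `(function (value) {
  if (value === null || value === undefined) return undefined;
  const proto = Object.getPrototypeOf(value);
  const ctor = proto && proto.constructor;
  return ctor && ctor.constructor;
})`;

// True when sandboxed code holding `value` could reach the host's Function.
function leaksHostFunction(context, value) {
  const reached = vm.runInContext(PROBE, context)(value);
  return reached === Function;
}

// Mitigation sketch: reduce the host error to primitive strings on the host
// side, then construct a fresh Error inside the sandbox realm. The stack is
// dropped on purpose because it can disclose host file paths.
function toSandboxError(context, hostError) {
  const name = String((hostError && hostError.name) || 'Error');
  const message = String((hostError && hostError.message) || '');
  const make = vm.runInContext(
    `(function (name, message) {
      const e = new Error(message);
      e.name = name;
      return e;
    })`,
    context
  );
  return make(name, message);
}

// Constructed input: a host-realm error such as a failed tool call produces.
const sandbox = newSandbox();
const hostError = new TypeError('tool "fetch" failed');
console.log('raw host error leaks:', leaksHostFunction(sandbox, hostError));
console.log('rebuilt error leaks: ',
  leaksHostFunction(sandbox, toSandboxError(sandbox, hostError)));
```

Any host-realm object gives the same result as the raw error, so the check applies to every value that crosses the boundary, not only to errors.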