
Frontegg-David

Researcher from Frontegg
#22848 of 53,630
10 Total CVSS
Vulnerabilities · 1
PT-2026-2792
10
2026-01-13
Node.Js · Node.Js · CVE-2026-22686
**Name of the Vulnerable Software and Affected Versions**

Enclave versions prior to 2.7.0

**Description**

Enclave is a secure JavaScript sandbox used for safe AI agent code execution. A critical sandbox escape issue exists in enclave-vm, allowing untrusted JavaScript code to execute arbitrary code in the host Node.js runtime. This occurs because when a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Error object maintains its host realm prototype chain, which can be used to access the host Function constructor. An attacker can trigger a host error and then traverse the prototype chain to utilize the host Function constructor, enabling the compilation and execution of arbitrary JavaScript in the host context. This bypasses the sandbox, granting access to sensitive resources like process.env, the filesystem, and the network. The issue breaks the core security guarantee of isolating untrusted code.

**Recommendations**

Update to version 2.7.0 or later.
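
The realm leak in the description can be caught with a boundary regression check. This is an added example, not code from Enclave or from this advisory: it uses Node's built-in `node:vm` as a stand-in sandbox, and `isForeignRealm`, `toSandboxError` and `demo` are hypothetical names. It does not reproduce the fix shipped in 2.7.0.

```javascript
// Added example: node:vm stands in for the sandbox; this is not enclave-vm code.
const vm = require('node:vm');

// Hypothetical check, evaluated in the sandbox realm: does `value` have a
// prototype chain that ends outside the sandbox's own Object.prototype?
function isForeignRealm(context, value) {
  const probe = vm.runInContext(`(function (v) {
    if (v === null || (typeof v !== 'object' && typeof v !== 'function')) {
      return false; // primitives carry no realm
    }
    let last = v;
    for (let p = Object.getPrototypeOf(v); p !== null; p = Object.getPrototypeOf(p)) {
      last = p;
    }
    // Fails closed: null-prototype objects are also reported as foreign.
    return last !== Object.prototype;
  })`, context);
  return probe(value);
}

// Hypothetical mitigation: rebuild the failure inside the sandbox realm from
// primitive strings only. The host stack is dropped on purpose.
function toSandboxError(context, hostErr) {
  const make = vm.runInContext(`(function (name, message) {
    const e = new Error(message);
    e.name = name;
    return e;
  })`, context);
  const name = String((hostErr && hostErr.name) || 'Error');
  const message = String((hostErr && hostErr.message) || 'tool call failed');
  return make(name, message);
}

// Constructed sample: a host-side tool failure checked before and after wrapping.
function demo() {
  const context = vm.createContext({});
  const hostErr = new TypeError('tool "fetch" failed');
  const wrapped = toSandboxError(context, hostErr);
  return {
    rawIsForeign: isForeignRealm(context, hostErr),
    wrappedIsForeign: isForeignRealm(context, wrapped),
    name: wrapped.name,
    message: wrapped.message,
  };
}

console.log(demo());
```

A check like `isForeignRealm` belongs in the test suite for every value a host bridge hands to sandboxed code, including rejected promises and thrown errors.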