← Back to CVEs
CVE-2026-25533
HIGH8.8
Description
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar behavior or the vm module and the function constructor access prevention can be side-stepped by leveraging host object references. This vulnerability is fixed in 2.10.1.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published2/6/2026
Last Modified2/20/2026
Sourcenvd
Honeypot Sightings0
Affected Products
agentfront:enclave
Weaknesses (CWE)
CWE-835
References
https://github.com/agentfront/enclave/commit/2fcf5da81e7e2578ede6f94cae4f379165426dca(security-advisories@github.com)
https://github.com/agentfront/enclave/security/advisories/GHSA-x39w-8vm5-5m3p(security-advisories@github.com)
https://www.staicu.org/publications/usenixSec2023-SandDriller.pdf(security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.