508 matches found
PT-2026-21851
Name of the Vulnerable Software and Affected Versions Enclave versions prior to 2.11.1 Description Enclave is a secure JavaScript sandbox used for safe AI agent code execution. A critical security flaw exists in versions prior to 2.11.1, allowing an attacker to escape the sandbox boundaries and...
Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2026-092 (ALASNITRO-ENCLAVES-2026-092)
The version of runc installed on the remote host is prior to 1.3.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-092 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code...
[SECURITY] Fedora 42 Update: rust-eif_build-0.2.1-6.fc42
This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...
CVE-2026-25533
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
EUVD-2026-5565
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533
Enclave (enclave-vm) prior to version 2.10.1 contains multiple sandbox weaknesses: AST sanitization can be bypassed with dynamic property accesses; error object hardening does not cover vm module peculiarities; and function constructor access can be circumvented via host object references. The is...
Enclave 安全漏洞
Enclave is a sandbox software developed by AgentFront. Versions of Enclave prior to 2.10.1 contained security vulnerabilities. These vulnerabilities stemmed from the ability for AST cleanup to bypass access by dynamic properties, incorrect object strengthening did not cover special behaviors of t...
Infinite loop
Overview enclave-vm is a Sandbox runtime for secure JavaScript code execution Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that exploit hos...
Infinite loop
Overview @enclave-vm/core is a Sandbox runtime for secure JavaScript code execution Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that explo...
@enclave-vm/broker (>=0.0.1 <=2.10.0), @enclave-vm/runtime (>=0.0.1 <=2.10.0) potentially affected by CVE-2026-25533 via @enclave-vm/core (>=0.0.1 <=2.10.0)
@enclave-vm/core NPM version =0.0.1, =0.0.1, =0.0.1, =2.10.0 Source cves: CVE-2026-25533 Source advisory: OSV:GHSA-X39W-8VM5-5M3P...
@frontmcp/adapters (>=0.5.0 <=0.8.0), @frontmcp/plugin-approval (>=0.7.1 <=0.8.0) +9 more potentially affected by CVE-2026-25533 via enclave-vm (>=1.0.3 <=2.7.0)
enclave-vm NPM version =1.0.3, =0.5.0, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.5.0, =0.5.0, =0.5.0, =0.6.1, =0.8.0 - frontmcp =0.5.0 Source cves: CVE-2026-25533 Source advisory: SNYK:JS-ENCLAVEVM-15248348...
GHSA-X39W-8VM5-5M3P Sandbox escape via infinite recursion and error objects
Note: The npm package has moved to @enclave-vm/core formerly enclave-vm. All fixed versions and guidance refer to @enclave-vm/core. Summary The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...
@frontmcp/adapters (>=0.5.0 <=0.8.0), @frontmcp/plugin-approval (>=0.7.1 <=0.8.0) +9 more potentially affected by CVE-2026-25533 via enclave-vm (>=1.0.3 <=2.7.0)
enclave-vm NPM version =1.0.3, =0.5.0, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.5.0, =0.5.0, =0.5.0, =0.6.1, =0.8.0 - frontmcp =0.5.0 Source cves: CVE-2026-25533 Source advisory: OSV:GHSA-X39W-8VM5-5M3P...
@enclave-vm/broker (=2.10.0), @enclave-vm/runtime (=2.10.0) potentially affected by CVE-2026-25533 via @enclave-vm/core (=2.10.0)
@enclave-vm/core NPM version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @enclave-vm/core and may be impacted: - @enclave-vm/broker =2.10.0 - @enclave-vm/runtime =2.10.0 Source cves: CVE-2026-25533 Source advisory:...
Sandbox escape via infinite recursion and error objects
Note: The npm package has moved to @enclave-vm/core formerly enclave-vm. All fixed versions and guidance refer to @enclave-vm/core. Summary The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...