Lucene search
+L

508 matches found

Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.14 views

PT-2026-21851

Name of the Vulnerable Software and Affected Versions Enclave versions prior to 2.11.1 Description Enclave is a secure JavaScript sandbox used for safe AI agent code execution. A critical security flaw exists in versions prior to 2.11.1, allowing an attacker to escape the sandbox boundaries and...

10CVSS6.7AI score0.00878EPSS
Exploits2References20
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.10 views

Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2026-092 (ALASNITRO-ENCLAVES-2026-092)

The version of runc installed on the remote host is prior to 1.3.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-092 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code...

8.6CVSS6.5AI score0.00532EPSS
Exploits0References6
Fedora
Fedora
added 2026/02/11 1:0 a.m.9 views

[SECURITY] Fedora 42 Update: rust-eif_build-0.2.1-6.fc42

This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...

7.5CVSS5.5AI score0.00443EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.10 views

CVE-2026-25533

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

8.8CVSS5.6AI score0.0023EPSS
Exploits1References1
NVD
NVD
added 2026/02/06 10:16 p.m.28 views

CVE-2026-25533

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

8.8CVSS0.0023EPSS
Exploits1References3
OSV
OSV
added 2026/02/06 9:16 p.m.10 views

CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

6.4CVSS5.7AI score0.0023EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/06 9:16 p.m.5 views

CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

6.4CVSS5.8AI score0.0023EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 9:16 p.m.5 views

CVE-2026-25533

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

6.4CVSS5.7AI score0.0023EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/06 9:16 p.m.6 views

EUVD-2026-5565

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

6.4CVSS5.7AI score0.0023EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/06 9:16 p.m.33 views

CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

6.4CVSS0.0023EPSS
Exploits1References3
CVE
CVE
added 2026/02/06 9:16 p.m.22 views

CVE-2026-25533

Enclave (enclave-vm) prior to version 2.10.1 contains multiple sandbox weaknesses: AST sanitization can be bypassed with dynamic property accesses; error object hardening does not cover vm module peculiarities; and function constructor access can be circumvented via host object references. The is...

8.8CVSS5.6AI score0.0023EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.10 views

Enclave 安全漏洞

Enclave is a sandbox software developed by AgentFront. Versions of Enclave prior to 2.10.1 contained security vulnerabilities. These vulnerabilities stemmed from the ability for AST cleanup to bypass access by dynamic properties, incorrect object strengthening did not cover special behaviors of t...

8.8CVSS5.8AI score0.0023EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/05 5:49 p.m.6 views

Infinite loop

Overview enclave-vm is a Sandbox runtime for secure JavaScript code execution Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that exploit hos...

9.4CVSS6.1AI score0.0023EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/05 5:49 p.m.2 views

Infinite loop

Overview @enclave-vm/core is a Sandbox runtime for secure JavaScript code execution Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that explo...

9.4CVSS6.1AI score0.0023EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/02/05 5:49 p.m.10 views

@enclave-vm/broker (>=0.0.1 <=2.10.0), @enclave-vm/runtime (>=0.0.1 <=2.10.0) potentially affected by CVE-2026-25533 via @enclave-vm/core (>=0.0.1 <=2.10.0)

@enclave-vm/core NPM version =0.0.1, =0.0.1, =0.0.1, =2.10.0 Source cves: CVE-2026-25533 Source advisory: OSV:GHSA-X39W-8VM5-5M3P...

8.8CVSS5.8AI score0.0023EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/05 5:49 p.m.7 views

@frontmcp/adapters (>=0.5.0 <=0.8.0), @frontmcp/plugin-approval (>=0.7.1 <=0.8.0) +9 more potentially affected by CVE-2026-25533 via enclave-vm (>=1.0.3 <=2.7.0)

enclave-vm NPM version =1.0.3, =0.5.0, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.5.0, =0.5.0, =0.5.0, =0.6.1, =0.8.0 - frontmcp =0.5.0 Source cves: CVE-2026-25533 Source advisory: SNYK:JS-ENCLAVEVM-15248348...

8.8CVSS5.8AI score0.0023EPSS
Exploits1
OSV
OSV
added 2026/02/05 5:49 p.m.6 views

GHSA-X39W-8VM5-5M3P Sandbox escape via infinite recursion and error objects

Note: The npm package has moved to @enclave-vm/core formerly enclave-vm. All fixed versions and guidance refer to @enclave-vm/core. Summary The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...

6.4CVSS6.2AI score0.0023EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2026/02/05 5:49 p.m.6 views

@frontmcp/adapters (>=0.5.0 <=0.8.0), @frontmcp/plugin-approval (>=0.7.1 <=0.8.0) +9 more potentially affected by CVE-2026-25533 via enclave-vm (>=1.0.3 <=2.7.0)

enclave-vm NPM version =1.0.3, =0.5.0, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.7.1, =0.5.0, =0.5.0, =0.5.0, =0.6.1, =0.8.0 - frontmcp =0.5.0 Source cves: CVE-2026-25533 Source advisory: OSV:GHSA-X39W-8VM5-5M3P...

8.8CVSS5.8AI score0.0023EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/05 5:49 p.m.9 views

@enclave-vm/broker (=2.10.0), @enclave-vm/runtime (=2.10.0) potentially affected by CVE-2026-25533 via @enclave-vm/core (=2.10.0)

@enclave-vm/core NPM version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @enclave-vm/core and may be impacted: - @enclave-vm/broker =2.10.0 - @enclave-vm/runtime =2.10.0 Source cves: CVE-2026-25533 Source advisory:...

8.8CVSS5.8AI score0.0023EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/02/05 5:49 p.m.11 views

Sandbox escape via infinite recursion and error objects

Note: The npm package has moved to @enclave-vm/core formerly enclave-vm. All fixed versions and guidance refer to @enclave-vm/core. Summary The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...

8.8CVSS5.8AI score0.0023EPSS
Exploits1References5Affected Software2
Rows per page
Query Builder