CVE-2026-25533HIGH 8.8EPSS p13.6%

CVE-2026-25533CVE-2026-25533

Description

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar behavior or the vm module and the function constructor access prevention can be side-stepped by leveraging host object references. This vulnerability is fixed in 2.10.1.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS0.23% probability of exploitation · percentile 13.6% · 2026-06-19T12:03:05Z
Published2026-02-06
Last modified2026-02-20

Underlying weaknesses· 1

CWE-835

References

  1. https://github.com/agentfront/enclave/commit/2fcf5da81e7e2578ede6f94cae4f379165426dca
  2. https://github.com/agentfront/enclave/security/advisories/GHSA-x39w-8vm5-5m3p
  3. https://www.staicu.org/publications/usenixSec2023-SandDriller.pdf

1

TypeTargetConfidenceTier
WeaknessLoop with Unreachable Exit Condition ('Infinite Loop')cwe-8350%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-22686
CVE
CVE-2026-27597
CVE
CVE-2026-25586
CVE
CVE-2026-25641
CVE
CVE-2026-25142
CVE
CVE-2026-25520
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.