{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T22:49:37.536","vulnerabilities":[{"cve":{"id":"CVE-2026-25533","sourceIdentifier":"security-advisories@github.com","published":"2026-02-06T22:16:11.450","lastModified":"2026-06-17T10:24:48.443","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar behavior or the vm module and the function constructor access prevention can be side-stepped by leveraging host object references. This vulnerability is fixed in 2.10.1."},{"lang":"es","value":"Enclave es un sandbox seguro de JavaScript diseñado para la ejecución segura de código de agentes de IA. Antes de 2.10.1, las capas de seguridad existentes en enclave-vm son insuficientes: La sanitización AST puede ser eludida con accesos dinámicos a propiedades, el endurecimiento de los objetos de error no cubre el comportamiento peculiar o del módulo vm y la prevención de acceso al constructor de funciones puede ser eludida aprovechando referencias a objetos del host. Esta vulnerabilidad está corregida en 2.10.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"agentfront","product":"enclave","versions":[{"version":"< 2.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-09T15:19:19.464827Z","id":"CVE-2026-25533","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:agentfront:enclave:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.10.1","matchCriteriaId":"B0AEA41C-F6D1-4981-A259-DFD61CBF362F"}]}]}],"references":[{"url":"https://github.com/agentfront/enclave/commit/2fcf5da81e7e2578ede6f94cae4f379165426dca","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/agentfront/enclave/security/advisories/GHSA-x39w-8vm5-5m3p","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.staicu.org/publications/usenixSec2023-SandDriller.pdf","source":"security-advisories@github.com","tags":["Technical Description"]}]}}]}