cbcvebase.

Agentfront Enclave vulnerabilities

3 known vulnerabilities affecting agentfront/enclave.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1

Vulnerabilities

Page 1 of 1
CVE-2026-22686P2CRITICALCVSS 10.0fixed in 2.7.02026-01-14
CVE-2026-22686 [CRITICAL] CWE-94 CVE-2026-22686: Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, th Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxe
nvd
CVE-2026-27597P2CRITICALCVSS 10.0fixed in 2.11.12026-02-25
CVE-2026-27597 [CRITICAL] CWE-94 CVE-2026-27597: Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2 Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1.
nvd
CVE-2026-25533P3HIGHCVSS 8.8≥ 2.7.0, < 2.10.1fixed in 2.10.12026-02-06
CVE-2026-25533 [HIGH] CWE-835 CVE-2026-25533: Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, t Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar behavior or the vm module and the function constructor acc
nvd
Agentfront Enclave vulnerabilities | cvebase