CVE-2026-25533 in enclaveالمعلومات

الملخص

بحسب MITRE • 07/02/2026

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar behavior or the vm module and the function constructor access prevention can be side-stepped by leveraging host object references. This vulnerability is fixed in 2.10.1.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

02/02/2026

إفشاء

07/02/2026

الاعتدال

تمت الموافقة

إدخال

VDB-344822

CPE

جاهز

CWE

CWE-835 (مؤكد)

CVSS

8.8 (NVD)

EPSS

0.00006

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-25533
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-25533
CVE Details	https://www.cvedetails.com/cve/CVE-2026-25533/

التالي ▸نظرة عامة ◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!