CVE-2026-25533
Bypass Vulnerabilities in Enclave-VM Enable Sandbox Escape
Publication date: 2026-02-06
Last updated on: 2026-02-20
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| agentfront | enclave | From 2.7.0 (inc) to 2.10.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Enclave, a secure JavaScript sandbox used for safe AI agent code execution. Before version 2.10.1, the security measures in enclave-vm were insufficient. Specifically, the AST sanitization could be bypassed using dynamic property accesses, error object hardening did not fully address the vm module's unique behavior, and attempts to prevent function constructor access could be circumvented by exploiting host object references. These weaknesses allowed potential security bypasses within the sandbox environment.
How can this vulnerability impact me? :
This vulnerability could allow attackers to bypass the security restrictions of the Enclave JavaScript sandbox. As a result, malicious code might execute in ways that were intended to be prevented, potentially leading to unauthorized code execution or compromise of the sandbox environment's integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Enclave to version 2.10.1 or later, where the security issues have been fixed.