CVE-2026-25533

EUVD-2026-5565

06.02.2026, 22:16

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar behavior or the vm module and the function constructor access prevention can be side-stepped by leveraging host object references. This vulnerability is fixed in 2.10.1.

Infinite Loop

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
agentfront	enclave	2.7.0 ≤ 𝑥 < 2.10.1

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/agentfront/enclave/security/advisories/GHSA-x39w-8vm5-5m3p

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://github.com/agentfront/enclave/commit/2fcf5da81e7e2578ede6f94cae4f379165426dca

https://github.com/agentfront/enclave/security/advisories/GHSA-x39w-8vm5-5m3p

https://www.staicu.org/publications/usenixSec2023-SandDriller.pdf