CVE-2026-25533: Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers o
Summary
Enclave is a secure JavaScript sandbox used to safely run code written by AI agents. Before version 2.10.1, attackers could bypass its security protections in three ways: using dynamic property accesses to skip code validation, exploiting how error objects work in Node.js's vm module (a built-in tool for running untrusted code safely), and accessing functions through host object references to escape sandbox restrictions.
Solution / Mitigation
This vulnerability is fixed in version 2.10.1.
Vulnerability Details
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-25533
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 92%