CNNVD-202602-942 Information

CNNVD ID

CNNVD-202602-942

CVE-2026-25533

  • CNNVD Published: 2026-02-06

Description (Chinese)

Enclave是AgentFront开源的一个沙箱软件。 Enclave 2.10.1之前版本存在安全漏洞,该漏洞源于AST清理可被动态属性访问绕过,错误对象强化未覆盖vm模块特殊行为,且函数构造器访问预防可通过利用主机对象引用规避。

Description (English)

Enclave is an open-source sandbox from AgentFront. Versions of Enclave before 2.10.1 contain a security vulnerability: AST sanitization can be bypassed through dynamic property access, error-object hardening does not cover the special behaviour of the vm module, and the protection against access to the function constructor can be circumvented by exploiting host object references.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

AgentFront

Published

2026-02-06

Last Modified

2026-02-24

References

  • https://github.com/agentfront/enclave/commit/2fcf5da81e7e2578ede6f94cae4f379165426dca
  • https://github.com/agentfront/enclave/security/advisories/GHSA-x39w-8vm5-5m3p
  • https://www.staicu.org/publications/usenixSec2023-SandDriller.pdf
  • https://access.redhat.com/security/cve/cve-2026-25533

Patch

https://enclave.io/
