VYPR

npm package

enclave-vm

pkg:npm/enclave-vm

Vulnerabilities (2)

  • CVE-2026-25533Feb 6, 2026
    affected <= 2.7.0

    Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cove

  • CVE-2026-22686Jan 13, 2026
    affected < 2.7.0fixed 2.7.0

    Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool inv