VYPR
Vendor

Agentfront

Products
3
CVEs
4
Across products
5
Status
Private

Products

3

Recent CVEs

4
  • CVE-2026-39885HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom…

  • CVE-2026-27597Feb 25, 2026
    risk 0.00cvss epss 0.01

    Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version…

  • CVE-2026-25533Feb 6, 2026
    risk 0.00cvss epss 0.00

    Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not…

  • CVE-2026-22686Jan 13, 2026
    risk 0.00cvss epss 0.01

    Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool…