CVE-2026-2858

Sažetak

A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Reference

https://github.com/oneafter/0122/blob/main/i1217/repro
https://github.com/wren-lang/wren/
https://github.com/wren-lang/wren/issues/1217
https://vuldb.com/?ctiid.347097
https://vuldb.com/?id.347097
https://vuldb.com/?submit.754489

CVSS

Base:	1.7
Impact:	2.9
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

20-02-2026 - 22:16

Objavljeno

20-02-2026 - 22:16