CVE-2026-10267

EUVD-2026-33654
A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named ed17dd2c5913a23fb1107251e44a9410a3c30cf5.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/biniamf/pocs/tree/main/janet-debug-janet-doframe-env-data-oobread
https://github.com/janet-lang/janet/
https://github.com/janet-lang/janet/commit/ed17dd2c5913a23fb1107251e44a9410a3c30cf5
https://github.com/janet-lang/janet/issues/1743
https://github.com/janet-lang/janet/issues/1743#issuecomment-4322129448
https://vuldb.com/cve/CVE-2026-10267
https://vuldb.com/submit/825072
https://vuldb.com/vuln/367546
https://vuldb.com/vuln/367546/cti