CVE-2026-3385

EUVD-2026-9120
A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
wrenwren
𝑥
≤ 0.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/oneafter/0122/blob/main/i1218/repro
https://github.com/wren-lang/wren/
https://github.com/wren-lang/wren/issues/1218
https://vuldb.com/?ctiid.348271
https://vuldb.com/?id.348271
https://vuldb.com/?submit.761305