CVE-2026-3386

EUVD-2026-9121
A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
wrenwren
𝑥
≤ 0.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/oneafter/0122/blob/main/i1219/repro
https://github.com/wren-lang/wren/
https://github.com/wren-lang/wren/issues/1219
https://vuldb.com/?ctiid.348272
https://vuldb.com/?id.348272
https://vuldb.com/?submit.761306