CVE-2026-10267

Summary

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named ed17dd2c5913a23fb1107251e44a9410a3c30cf5.

Affected Software

VendorProductVersion RangeStatus
janet-langjanet1.0affected
janet-langjanet1.1affected
janet-langjanet1.2affected
janet-langjanet1.3affected
janet-langjanet1.4affected
janet-langjanet1.5affected
janet-langjanet1.6affected
janet-langjanet1.7affected
janet-langjanet1.8affected
janet-langjanet1.9affected
janet-langjanet1.10affected
janet-langjanet1.11affected
janet-langjanet1.12affected
janet-langjanet1.13affected
janet-langjanet1.14affected
janet-langjanet1.15affected
janet-langjanet1.16affected
janet-langjanet1.17affected
janet-langjanet1.18affected
janet-langjanet1.19affected
janet-langjanet1.20affected
janet-langjanet1.21affected
janet-langjanet1.22affected
janet-langjanet1.23affected
janet-langjanet1.24affected
janet-langjanet1.25affected
janet-langjanet1.26affected
janet-langjanet1.27affected
janet-langjanet1.28affected
janet-langjanet1.29affected
janet-langjanet1.30affected
janet-langjanet1.31affected
janet-langjanet1.32affected
janet-langjanet1.33affected
janet-langjanet1.34affected
janet-langjanet1.35affected
janet-langjanet1.36affected
janet-langjanet1.37affected
janet-langjanet1.38affected
janet-langjanet1.39affected
janet-langjanet1.40affected
janet-langjanet1.41.0affected

Weaknesses

  • CWE-125: Out-of-Bounds Read
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References