CVE-2026-10268

Summary

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d9b1d711ea1fde52ac73a82088b512a3e17bad0d. A patch should be applied to remediate this issue.

Affected Software

VendorProductVersion RangeStatus
janet-langjanet1.0affected
janet-langjanet1.1affected
janet-langjanet1.2affected
janet-langjanet1.3affected
janet-langjanet1.4affected
janet-langjanet1.5affected
janet-langjanet1.6affected
janet-langjanet1.7affected
janet-langjanet1.8affected
janet-langjanet1.9affected
janet-langjanet1.10affected
janet-langjanet1.11affected
janet-langjanet1.12affected
janet-langjanet1.13affected
janet-langjanet1.14affected
janet-langjanet1.15affected
janet-langjanet1.16affected
janet-langjanet1.17affected
janet-langjanet1.18affected
janet-langjanet1.19affected
janet-langjanet1.20affected
janet-langjanet1.21affected
janet-langjanet1.22affected
janet-langjanet1.23affected
janet-langjanet1.24affected
janet-langjanet1.25affected
janet-langjanet1.26affected
janet-langjanet1.27affected
janet-langjanet1.28affected
janet-langjanet1.29affected
janet-langjanet1.30affected
janet-langjanet1.31affected
janet-langjanet1.32affected
janet-langjanet1.33affected
janet-langjanet1.34affected
janet-langjanet1.35affected
janet-langjanet1.36affected
janet-langjanet1.37affected
janet-langjanet1.38affected
janet-langjanet1.39affected
janet-langjanet1.40affected
janet-langjanet1.41.0affected

Weaknesses

  • CWE-190: Integer Overflow
  • CWE-189: Numeric Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References