wren-lang wren Source File wren_compiler.c peekChar out-of-bounds_CVE-2026-2858

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-2858

Source VulDB

Published Feb 20, 2026 at 21:32

Affected Product

Vendor wren-lang

Product wren

Version 0.1

Affected Versions wren-lang wren 0.1
wren-lang wren 0.2
wren-lang wren 0.3
wren-lang wren 0.4.0

CWE Classification

CWE-125 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-02-20T21:32:08.945Z",
    "modified": "2026-02-20T21:32:08.945Z",
    "type": "cve",
    "title": "wren-lang wren Source File wren_compiler.c peekChar out-of-bounds",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.347097\nhttps://vuldb.com/?ctiid.347097\nhttps://vuldb.com/?submit.754489\nhttps://github.com/wren-lang/wren/issues/1217\nhttps://github.com/oneafter/0122/blob/main/i1217/repro\nhttps://github.com/wren-lang/wren/",
    "id": "CVE-2026-2858",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "wren-lang wren 0.1\nwren-lang wren 0.2\nwren-lang wren 0.3\nwren-lang wren 0.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "wren",
    "version": "0.1",
    "vendor": "wren-lang",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}