{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2240", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-09T09:38:25.338Z", "datePublished": "2026-02-09T15:32:10.307Z", "dateUpdated": "2026-02-23T10:00:07.480Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:00:07.480Z"}, "title": "janet-lang janet compile.c janetc_pop_funcdef out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "janet-lang", "product": "janet", "versions": [{"version": "1.40.0", "status": "affected"}, {"version": "1.40.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-09T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-09T18:15:47.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.344979", "name": "VDB-344979 | janet-lang janet compile.c janetc_pop_funcdef out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344979", "name": "VDB-344979 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753155", "name": "Submit #753155 | janet-lang janet 883dde4 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/janet-lang/janet/issues/1702", "tags": ["issue-tracking"]}, {"url": "https://github.com/janet-lang/janet/issues/1702#issuecomment-3790473369", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0123/blob/main/ja4/repro", "tags": ["exploit"]}, {"url": "https://github.com/janet-lang/janet/commit/4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5", "tags": ["patch"]}, {"url": "https://github.com/janet-lang/janet/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T16:06:11.954193Z", "id": "CVE-2026-2240", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T16:06:52.054Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2240", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T16:06:11.954193Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T16:06:41.157Z"}}], "cna": {"tags": ["x_open-source"], "title": "janet-lang janet compile.c janetc_pop_funcdef out-of-bounds", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "janet-lang", "product": "janet", "versions": [{"status": "affected", "version": "1.40.0"}, {"status": "affected", "version": "1.40.1"}]}], "timeline": [{"lang": "en", "time": "2026-02-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-09T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-09T18:15:47.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.344979", "name": "VDB-344979 | janet-lang janet compile.c janetc_pop_funcdef out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344979", "name": "VDB-344979 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753155", "name": "Submit #753155 | janet-lang janet 883dde4 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/janet-lang/janet/issues/1702", "tags": ["issue-tracking"]}, {"url": "https://github.com/janet-lang/janet/issues/1702#issuecomment-3790473369", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0123/blob/main/ja4/repro", "tags": ["exploit"]}, {"url": "https://github.com/janet-lang/janet/commit/4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5", "tags": ["patch"]}, {"url": "https://github.com/janet-lang/janet/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:00:07.480Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2240", "state": "PUBLISHED", "dateUpdated": "2026-02-23T10:00:07.480Z", "dateReserved": "2026-02-09T09:38:25.338Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-09T15:32:10.307Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:janet-lang:janet:*:*:*:*:*:*:*:*", "matchCriteriaId": "D63D3EB2-96FF-4D2B-AD67-2DE091B2CC05", "versionEndIncluding": "1.40.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en janet-lang janet hasta la versi\u00f3n 1.40.1. El elemento afectado es la funci\u00f3n janetc_pop_funcdef del archivo src/core/compile.c. Dicha manipulaci\u00f3n conduce a una lectura fuera de l\u00edmites. El ataque debe llevarse a cabo localmente. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado. El nombre del parche es 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. Se deber\u00eda aplicar un parche para remediar este problema."}], "id": "CVE-2026-2240", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-09T16:16:03.223", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/janet-lang/janet/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/janet-lang/janet/commit/4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/janet-lang/janet/issues/1702"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/janet-lang/janet/issues/1702#issuecomment-3790473369"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/oneafter/0123/blob/main/ja4/repro"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.344979"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.344979"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.753155"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.40.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.40.1"}}], "product": "janet", "vendor": "janet-lang"}], "analysis": {"en": {"generated_at": "2026-04-17T21:25:26.557206+00:00", "value": {"mitigation_remediation": ["Update Janet to a version that includes commit 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5 or newer.", "If building from source, apply the patch from the referenced commit directly to the repository.", "Limit the execution of Janet scripts to trusted users and consider adding filesystem access controls to minimize the impact of local exploitation."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Janet-lang\u2019s Janet interpreter, versions up to 1.40.1, including the 1.40.x releases and any builds that incorporate the unpatched commit. The issue resides in src/core/compile.c and has been fixed by commit 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5.", "description_and_impact": "A flaw in the Janet compiler\u2019s janetc_pop_funcdef routine allows an out\u2011of\u2011bounds read, exposing memory contents in the process. The vulnerability is a typical buffer overread type (CWE\u2011119, CWE\u2011125) that can leak sensitive data without modifying it. The attack requires local privilege and does not directly trigger code execution or denial of service.", "risk_and_exploitability": "The CVSS score of 4.8 indicates low\u2011medium severity, and the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in CISA\u2019s KEV catalog. Because the exploit requires local execution, it is unlikely to be leveraged remotely, but it remains a concern for environments where untrusted code may run under local privileges."}}}}, "created": "2026-02-10T11:35:30.523920+00:00", "title": "Out\u2011of\u2011Bounds Read in Janet Compiler Function", "updated": "2026-04-17T21:30:28.390262+00:00", "vendors": ["janet-lang", "janet-lang$PRODUCT$janet"]}