CVE-2026-2869

LOW 3.3

janet-lang janet handleattr specials.c janetc_varset out-of-bounds

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. Upgrading to version 1.41.0 addresses this issue. The identifier of the patch is 2fabc80151a2b8834ee59cda8a70453f848b40e5. The affected component should be upgraded.

CWE	CWE-125 CWE-119
Vendor	janet-lang
Product	janet
Published	Feb 21, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for janet-lang janet

Be the first to know when new low vulnerabilities affecting janet-lang janet are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

janet-lang / janet

1.40.0 1.40.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.347106 vuldb.com: https://vuldb.com/?ctiid.347106 vuldb.com: https://vuldb.com/?submit.754589 github.com: https://github.com/janet-lang/janet/issues/1699 github.com: https://github.com/oneafter/0123/blob/main/ja1/repro github.com: https://github.com/janet-lang/janet/commit/2fabc80151a2b8834ee59cda8a70453f848b40e5 github.com: https://github.com/janet-lang/janet/releases/tag/v1.41.0 github.com: https://github.com/janet-lang/janet/

Credits

🔍 Oneafter (VulDB User)