4.8
Wren Compiler Allows Malicious Code to Read Sensitive Data
CVE-2026-2858
Summary
An out-of-bounds read in the function peekChar of the Wren compiler's source file parser (src/vm/wren_compiler.c) can allow an attacker with local access to read sensitive data from the system. This affects versions of Wren up to 0.4.0. No fixed version is listed yet, so update Wren as soon as a patched release becomes available.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wren | wren | <= 0.4.0 | – |
Original title
A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to o...
Original description
A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
1.7
nvd CVSS3.1
7.1
nvd CVSS4.0
4.8
Vulnerability type
CWE-119
Buffer Overflow
CWE-125
Out-of-bounds Read
- https://github.com/oneafter/0122/blob/main/i1217/repro (Issue Tracking, Product)
- https://github.com/wren-lang/wren/ (Product)
- https://github.com/wren-lang/wren/issues/1217 (Issue Tracking)
- https://vuldb.com/?ctiid.347097 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.347097 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.754489 (Third Party Advisory, VDB Entry)
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026