Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Wren Compiler Vulnerability Allows Local Data Exposure
CVE-2026-3386
Summary
A programming language compiler has a bug that allows attackers to access sensitive data on a local computer. This could lead to unauthorized access to information. Wren users should update to a fixed version to prevent this from happening.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wren | wren | <= 0.4.0 | – |
Original title
A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is pos...
Original description
A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
1.7
nvd CVSS3.1
7.1
nvd CVSS4.0
4.8
Vulnerability type
CWE-119
Buffer Overflow
CWE-125
Out-of-bounds Read
- https://github.com/oneafter/0122/blob/main/i1219/repro Exploit
- https://github.com/wren-lang/wren/ Product
- https://github.com/wren-lang/wren/issues/1219 Exploit Issue Tracking Vendor Advisory
- https://vuldb.com/?ctiid.348272 Permissions Required VDB Entry
- https://vuldb.com/?id.348272 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.761306 Third Party Advisory VDB Entry
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026