ByteOS Network

CVE Vulnerability Details :

CVE-2026-1144

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-19 Jan, 2026 | 07:32

Updated At-25 Feb, 2026 | 16:46

▼CVE Numbering Authority (CNA)

quickjs-ng quickjs Atomics Ops quickjs.c use after free

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue.

Affected Products

Vendor

quickjs-ng

Product

quickjs

Modules

Atomics Ops Handler

Versions

Affected

0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
0.10
0.11.0

Problem Types

Type	CWE ID	Description
CWE	CWE-416	Use After Free
CWE	CWE-119	Memory Corruption

Type: CWE

CWE ID: CWE-416

Description: Use After Free

Type: CWE

CWE ID: CWE-119

Description: Memory Corruption

Metrics

Version	Base score	Base severity	Vector
4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.0	6.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2.0	7.5	N/A	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Version: 3.0

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Version: 2.0

Base score: 7.5

Base severity: N/A

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Credits

reporter

mcsky23 (VulDB User)

Timeline

Event	Date
Advisory disclosed	2026-01-18 00:00:00
VulDB entry created	2026-01-18 01:00:00
VulDB entry last update	2026-01-31 02:47:43

Event: Advisory disclosed

Date: 2026-01-18 00:00:00

Event: VulDB entry created

Date: 2026-01-18 01:00:00

Event: VulDB entry last update

Date: 2026-01-31 02:47:43

References

Hyperlink	Resource
https://vuldb.com/?id.341737	vdb-entry technical-description
https://vuldb.com/?ctiid.341737	signature permissions-required
https://vuldb.com/?submit.735537	third-party-advisory
https://vuldb.com/?submit.735538	third-party-advisory
https://github.com/quickjs-ng/quickjs/issues/1301	issue-tracking
https://github.com/quickjs-ng/quickjs/pull/1303	issue-tracking
https://github.com/quickjs-ng/quickjs/issues/1302	exploit issue-tracking
https://github.com/quickjs-ng/quickjs/commit/ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141	patch
https://github.com/quickjs-ng/quickjs/	product

Hyperlink: https://vuldb.com/?id.341737

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.341737

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.735537

Resource:

third-party-advisory

Hyperlink: https://vuldb.com/?submit.735538

Resource:

third-party-advisory

Hyperlink: https://github.com/quickjs-ng/quickjs/issues/1301

Resource:

issue-tracking

Hyperlink: https://github.com/quickjs-ng/quickjs/pull/1303

Resource:

issue-tracking

Hyperlink: https://github.com/quickjs-ng/quickjs/issues/1302

Resource:

exploit

issue-tracking

Hyperlink: https://github.com/quickjs-ng/quickjs/commit/ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141

Resource:

patch

Hyperlink: https://github.com/quickjs-ng/quickjs/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References