ByteOS Network

CVE Vulnerability Details :

CVE-2026-2869

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-21 Feb, 2026 | 14:32

Updated At-23 Feb, 2026 | 19:36

▼CVE Numbering Authority (CNA)

janet-lang janet handleattr specials.c janetc_varset out-of-bounds

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. Upgrading to version 1.41.0 addresses this issue. The identifier of the patch is 2fabc80151a2b8834ee59cda8a70453f848b40e5. The affected component should be upgraded.

Affected Products

Vendor

janet-lang

Product

janet

Modules

handleattr Handler

Versions

Affected

1.40.0
1.40.1

Unaffected

1.41.0

Problem Types

Type	CWE ID	Description
CWE	CWE-125	Out-of-Bounds Read
CWE	CWE-119	Memory Corruption

Type: CWE

CWE ID: CWE-125

Description: Out-of-Bounds Read

Type: CWE

CWE ID: CWE-119

Description: Memory Corruption

Metrics

Version	Base score	Base severity	Vector
4.0	4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.0	3.3	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2.0	1.7	N/A	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 3.0

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 2.0

Base score: 1.7

Base severity: N/A

Vector:

AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Credits

reporter

Oneafter (VulDB User)

Timeline

Event	Date
Advisory disclosed	2026-02-20 00:00:00
VulDB entry created	2026-02-20 01:00:00
VulDB entry last update	2026-02-20 15:39:05

Event: Advisory disclosed

Date: 2026-02-20 00:00:00

Event: VulDB entry created

Date: 2026-02-20 01:00:00

Event: VulDB entry last update

Date: 2026-02-20 15:39:05

References

Hyperlink	Resource
https://vuldb.com/?id.347106	vdb-entry technical-description
https://vuldb.com/?ctiid.347106	signature permissions-required
https://vuldb.com/?submit.754589	third-party-advisory
https://github.com/janet-lang/janet/issues/1699	issue-tracking
https://github.com/oneafter/0123/blob/main/ja1/repro	exploit
https://github.com/janet-lang/janet/commit/2fabc80151a2b8834ee59cda8a70453f848b40e5	patch
https://github.com/janet-lang/janet/releases/tag/v1.41.0	patch
https://github.com/janet-lang/janet/	product

Hyperlink: https://vuldb.com/?id.347106

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.347106

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.754589

Resource:

third-party-advisory

Hyperlink: https://github.com/janet-lang/janet/issues/1699

Resource:

issue-tracking

Hyperlink: https://github.com/oneafter/0123/blob/main/ja1/repro

Resource:

exploit

Hyperlink: https://github.com/janet-lang/janet/commit/2fabc80151a2b8834ee59cda8a70453f848b40e5

Resource:

patch

Hyperlink: https://github.com/janet-lang/janet/releases/tag/v1.41.0

Resource:

patch

Hyperlink: https://github.com/janet-lang/janet/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References