Vulnerabilities ›

CVE-2026-2869

Low ⚡ Exploit Available

CWE-119 — Weakness Type

                    Published: Feb 21, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

3.3

🔗 NVD Official

📄 Description (English)

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. Upgrading to version 1.41.0 addresses this issue. The identifier of the patch is 2fabc80151a2b8834ee59cda8a70453f848b40e5. The affected component should be upgraded.

🤖 AI Executive Summary

CVE-2026-2869 is a low-severity out-of-bounds read vulnerability in janet-lang up to version 1.40.1 affecting the janetc_varset function in src/core/specials.c. The vulnerability requires local access and can be mitigated by upgrading to version 1.41.0 or applying the specified patch.

📄 Description (Arabic)

ثغرة قراءة خارج الحدود في مكون معالج handleattr بملف src/core/specials.c في janet-lang. تتطلب الثغرة وصولاً محلياً فقط ولا تؤثر على الأنظمة البعيدة. يتوفر استغلال عام للثغرة.

🤖 ملخص تنفيذي (AI)

CVE-2026-2869 هي ثغرة قراءة خارج الحدود منخفضة الخطورة في janet-lang حتى الإصدار 1.40.1 تؤثر على وظيفة janetc_varset. تتطلب الثغرة وصولاً محلياً ويمكن تخفيفها بالترقية إلى الإصدار 1.41.0.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 08:34

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: low

🏢 Affected Saudi Sectors

government telecom

🎯 MITRE ATT&CK Techniques

T1190 T1068

⚖️ Saudi Risk Score (AI)

3.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade janet-lang to version 1.41.0 or later immediately. Apply patch 2fabc80151a2b8834ee59cda8a70453f848b40e5 if immediate upgrade is not possible. Restrict local access to systems running vulnerable versions and monitor for exploitation attempts.

🔧 خطوات المعالجة (العربية)

قم بترقية janet-lang إلى الإصدار 1.41.0 أو أحدث فوراً. طبق التصحيح 2fabc80151a2b8834ee59cda8a70453f848b40e5 إذا لم يكن الترقية الفورية ممكنة. قيد الوصول المحلي للأنظمة التي تشغل الإصدارات الضعيفة ومراقبة محاولات الاستغلال.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-12

🟡 ISO 27001:2022

27001:A.12.6.1 27001:A.14.2.1

🔗 References & Sources 8

🔗

https://github.com/janet-lang/janet/

cna@vuldb.com

Product

🔗

https://github.com/janet-lang/janet/commit/2fabc80151a2b8834ee59cda8a70453f848b40e5

cna@vuldb.com

Patch

🔗

https://github.com/janet-lang/janet/issues/1699

cna@vuldb.com

Exploit Issue Tracking

🔗

https://github.com/janet-lang/janet/releases/tag/v1.41.0

cna@vuldb.com

Release Notes

🔗

https://github.com/oneafter/0123/blob/main/ja1/repro

cna@vuldb.com

Exploit

🔗

https://vuldb.com/?ctiid.347106

cna@vuldb.com

Permissions Required VDB Entry

🔗

https://vuldb.com/?id.347106

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/?submit.754589

cna@vuldb.com

Third Party Advisory VDB Entry

📦 Affected Products / CPE 1 entries

janet-lang:janet

📊 CVSS Score

3.3

/ 10.0 — Low

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityL — Low / Local

📋 Quick Facts

Severity Low

CVSS Score3.3

CWECWE-119

EPSS0.02%

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-02-21

Source Feed nvd

🇸🇦 Saudi Risk Score

3.0

/ 10.0 — Saudi Risk

Priority: LOW

🏷️ Tags

exploit-available patch-available CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-2869

💬 Comments

Introduce Yourself

Sign In Required