LOW
janet-lang
CVE published 2026-06-01
CVE-2026-10267
A low-severity local out-of-bounds read vulnerability exists in the Janet programming language runtime (versions up to 1.41.0). The flaw resides in the `doframe` function within `src/core/debug.c`. Successful exploitation requires local access and attacker manipulation of input to trigger the out-of-bounds read. A public exploit has been released, increasing the practical risk for local attack scenarios. [truncated]