PatchSiren

mrubyc CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH mrubyc CVE published 2026-07-06

CVE-2026-38976

CVE-2026-38976 is a HIGH severity vulnerability in mrubyc through 3.4.1. A NULL pointer dereference was found in src/vm.c in op_super() / OP_SUPER due to a missing runtime guard for top-level super. The CVSS score is 7.5. This vulnerability could potentially lead to a crash or other unexpected behavior if exploited. Users of mrubyc through 3.4.1 should be aware of this vulnerability and take necessary act [truncated]