A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named ed17dd2c5913a23fb1107251e44a9410a3c30cf5.
PUBLISHED5.2ApplicationCWE-125CWE-119x_open-source
janet-lang janet debug.c doframe out-of-bounds
Problem type
Affected products
janet-lang
janet
1.0 - AFFECTED
1.1 - AFFECTED
1.2 - AFFECTED
1.3 - AFFECTED
1.4 - AFFECTED
1.5 - AFFECTED
1.6 - AFFECTED
1.7 - AFFECTED
1.8 - AFFECTED
1.9 - AFFECTED
1.10 - AFFECTED
1.11 - AFFECTED
1.12 - AFFECTED
1.13 - AFFECTED
1.14 - AFFECTED
1.15 - AFFECTED
1.16 - AFFECTED
1.17 - AFFECTED
1.18 - AFFECTED
1.19 - AFFECTED
1.20 - AFFECTED
1.21 - AFFECTED
1.22 - AFFECTED
1.23 - AFFECTED
1.24 - AFFECTED
1.25 - AFFECTED
1.26 - AFFECTED
1.27 - AFFECTED
1.28 - AFFECTED
1.29 - AFFECTED
1.30 - AFFECTED
1.31 - AFFECTED
1.32 - AFFECTED
1.33 - AFFECTED
1.34 - AFFECTED
1.35 - AFFECTED
1.36 - AFFECTED
1.37 - AFFECTED
1.38 - AFFECTED
1.39 - AFFECTED
1.40 - AFFECTED
1.41.0 - AFFECTED
References
VDB-367546 | janet-lang janet debug.c doframe out-of-bounds
https://vuldb.com/vuln/367546
VDB-367546 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/367546/cti
CVE-2026-10267 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10267
Submit #825072 | janet-lang janet 1.41.0 Out-of-Bounds Read
https://vuldb.com/submit/825072
github.com
https://github.com/janet-lang/janet/issues/1743
github.com
https://github.com/janet-lang/janet/issues/1743#issuecomment-4322129448
github.com
https://github.com/biniamf/pocs/tree/main/janet-debug-janet-doframe-env-data-oobread
github.com
https://github.com/janet-lang/janet/commit/ed17dd2c5913a23fb1107251e44a9410a3c30cf5
github.com
https://github.com/janet-lang/janet/
GitHub Security Advisories
GHSA-mmcx-pc5f-m5m4
A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function...
https://github.com/advisories/GHSA-mmcx-pc5f-m5m4A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named ed17dd2c5913a23fb1107251e44a9410a3c30cf5.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-10267
github.com
https://github.com/janet-lang/janet/issues/1743
github.com
https://github.com/janet-lang/janet/issues/1743#issuecomment-4322129448
github.com
https://github.com/janet-lang/janet/commit/ed17dd2c5913a23fb1107251e44a9410a3c30cf5
github.com
https://github.com/biniamf/pocs/tree/main/janet-debug-janet-doframe-env-data-oobread
github.com
https://github.com/janet-lang/janet
vuldb.com
https://vuldb.com/cve/CVE-2026-10267
vuldb.com
https://vuldb.com/submit/825072
vuldb.com
https://vuldb.com/vuln/367546
vuldb.com
https://vuldb.com/vuln/367546/cti
github.com
https://github.com/advisories/GHSA-mmcx-pc5f-m5m4
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-10267Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-10267",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-06-01T15:03:01.251Z",
"dateReserved": "2026-05-31T14:06:36.144Z",
"datePublished": "2026-06-01T14:45:10.500Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-06-01T14:45:10.500Z"
},
"title": "janet-lang janet debug.c doframe out-of-bounds",
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named ed17dd2c5913a23fb1107251e44a9410a3c30cf5."
}
],
"affected": [
{
"vendor": "janet-lang",
"product": "janet",
"cpes": [
"cpe:2.3:a:janet-lang:janet:*:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "1.0",
"status": "affected"
},
{
"version": "1.1",
"status": "affected"
},
{
"version": "1.2",
"status": "affected"
},
{
"version": "1.3",
"status": "affected"
},
{
"version": "1.4",
"status": "affected"
},
{
"version": "1.5",
"status": "affected"
},
{
"version": "1.6",
"status": "affected"
},
{
"version": "1.7",
"status": "affected"
},
{
"version": "1.8",
"status": "affected"
},
{
"version": "1.9",
"status": "affected"
},
{
"version": "1.10",
"status": "affected"
},
{
"version": "1.11",
"status": "affected"
},
{
"version": "1.12",
"status": "affected"
},
{
"version": "1.13",
"status": "affected"
},
{
"version": "1.14",
"status": "affected"
},
{
"version": "1.15",
"status": "affected"
},
{
"version": "1.16",
"status": "affected"
},
{
"version": "1.17",
"status": "affected"
},
{
"version": "1.18",
"status": "affected"
},
{
"version": "1.19",
"status": "affected"
},
{
"version": "1.20",
"status": "affected"
},
{
"version": "1.21",
"status": "affected"
},
{
"version": "1.22",
"status": "affected"
},
{
"version": "1.23",
"status": "affected"
},
{
"version": "1.24",
"status": "affected"
},
{
"version": "1.25",
"status": "affected"
},
{
"version": "1.26",
"status": "affected"
},
{
"version": "1.27",
"status": "affected"
},
{
"version": "1.28",
"status": "affected"
},
{
"version": "1.29",
"status": "affected"
},
{
"version": "1.30",
"status": "affected"
},
{
"version": "1.31",
"status": "affected"
},
{
"version": "1.32",
"status": "affected"
},
{
"version": "1.33",
"status": "affected"
},
{
"version": "1.34",
"status": "affected"
},
{
"version": "1.35",
"status": "affected"
},
{
"version": "1.36",
"status": "affected"
},
{
"version": "1.37",
"status": "affected"
},
{
"version": "1.38",
"status": "affected"
},
{
"version": "1.39",
"status": "affected"
},
{
"version": "1.40",
"status": "affected"
},
{
"version": "1.41.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Out-of-Bounds Read",
"cweId": "CWE-125",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Memory Corruption",
"cweId": "CWE-119",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/367546",
"name": "VDB-367546 | janet-lang janet debug.c doframe out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/367546/cti",
"name": "VDB-367546 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-10267",
"name": "CVE-2026-10267 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/825072",
"name": "Submit #825072 | janet-lang janet 1.41.0 Out-of-Bounds Read",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/janet-lang/janet/issues/1743",
"tags": [
"issue-tracking"
]
},
{
"url": "https://github.com/janet-lang/janet/issues/1743#issuecomment-4322129448",
"tags": [
"issue-tracking"
]
},
{
"url": "https://github.com/biniamf/pocs/tree/main/janet-debug-janet-doframe-env-data-oobread",
"tags": [
"exploit"
]
},
{
"url": "https://github.com/janet-lang/janet/commit/ed17dd2c5913a23fb1107251e44a9410a3c30cf5",
"tags": [
"patch"
]
},
{
"url": "https://github.com/janet-lang/janet/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 3.3,
"baseSeverity": "LOW"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 3.3,
"baseSeverity": "LOW"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"baseScore": 1.7
}
}
],
"timeline": [
{
"time": "2026-05-31T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-05-31T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-05-31T16:11:45.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "biniam (VulDB User)",
"type": "reporter"
}
],
"tags": [
"x_open-source"
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-06-01T15:03:01.251Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}