Description

A weakness has been identified in janet-lang janet up to 1.41.0. It affects the function unmarshal_one_fiber in the file src/core/marsh.c. A manipulation can lead to an integer overflow. The attack can be launched on the local host. The exploit has been made available to the public and could be used for attacks. The patch is identified as d9b1d711ea1fde52ac73a82088b512a3e17bad0d. Applying the patch is recommended to remediate this issue.

PUBLISHED Reserved 2026-05-31 | Published 2026-06-01 | Updated 2026-06-01 | Assigner VulDB




MEDIUM: 4.8 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
LOW: 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
LOW: 3.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
1.7 | AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C (CVSS 2.0)

Problem types

Integer Overflow

Numeric Error

Product status

1.0: affected
1.1: affected
1.2: affected
1.3: affected
1.4: affected
1.5: affected
1.6: affected
1.7: affected
1.8: affected
1.9: affected
1.10: affected
1.11: affected
1.12: affected
1.13: affected
1.14: affected
1.15: affected
1.16: affected
1.17: affected
1.18: affected
1.19: affected
1.20: affected
1.21: affected
1.22: affected
1.23: affected
1.24: affected
1.25: affected
1.26: affected
1.27: affected
1.28: affected
1.29: affected
1.30: affected
1.31: affected
1.32: affected
1.33: affected
1.34: affected
1.35: affected
1.36: affected
1.37: affected
1.38: affected
1.39: affected
1.40: affected
1.41.0: affected

Timeline

2026-05-31: Advisory disclosed
2026-05-31: VulDB entry created
2026-05-31: VulDB entry last update

Credits

biniam (VulDB User) reporter

References

vuldb.com/vuln/367547 (VDB-367547 | janet-lang janet marsh.c unmarshal_one_fiber integer overflow) vdb-entry technical-description

vuldb.com/vuln/367547/cti (VDB-367547 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-10268 (CVE-2026-10268 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/825075 (Submit #825075 | janet-lang janet 1.41.0 Integer Overflow) third-party-advisory

github.com/janet-lang/janet/issues/1744 issue-tracking

github.com/...mf/pocs/tree/main/janet-marsh-unmarshal-intovf exploit

github.com/...ommit/d9b1d711ea1fde52ac73a82088b512a3e17bad0d patch

github.com/janet-lang/janet/ product

cve.org (CVE-2026-10268)

nvd.nist.gov (CVE-2026-10268)
