CVE-2026-2242

low-risk

Published 2026-02-09

A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.3/10 Low

LOCAL / LOW complexity

Affected Products (1)

Janet

Affected Vendors

Janet-Lang

References (8)

Product https://github.com/janet-lang/janet/

Patch https://github.com/janet-lang/janet/commit/c43e06672cd9dacf2122c99f362120a17c34b...

Exploit https://github.com/janet-lang/janet/issues/1700

Exploit https://github.com/janet-lang/janet/issues/1702

Exploit https://github.com/oneafter/0123/blob/main/ja2/repro

Permissions Required https://vuldb.com/?ctiid.344981

Third Party Advisory https://vuldb.com/?id.344981

Third Party Advisory https://vuldb.com/?submit.754495

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal