CVE-2026-4010

Name of the Vulnerable Software and Affected Versions pocketlang versions prior to cc73ca61b113d48ee130d837a7a8b145e41de5ce

Description A flaw exists in the pkByteBufferAddString function. Manipulating the length argument with the input 4294967290 leads to memory corruption. The issue requires local access to exploit. The exploit is publicly available. The software does not utilize versioning, making specific affected and unaffected release information unavailable. The project was notified of the issue but has not yet responded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.