CVE-2026-1979

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions mruby versions up to 3.4.0

Description A flaw exists in mruby up to version 3.4.0 related to the JMPNOT-to-JMPIF Optimization component. The issue resides within the mrb vm exec function in the src/vm.c file and can lead to a use-after-free condition. Successful exploitation requires local access. The exploit has been published.

Recommendations Implement the patch e50f15c1c6e131fa7934355eb02b8173b13df415 to correct this issue.

Exploit

Fix

Use After Free

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-119

Related Identifiers

CVE-2026-1979

Affected Products

Mruby

CVE-2026-1979

Weakness Enumeration

Related Identifiers

Affected Products

References · 20