Aggregates CVE and security vulnerability intelligence across all wren-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk buffer overflow and vendor risk memory corruption; exposure may include vendor impact application crash and vendor impact memory corruption in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-3387 | A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Such manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | [email protected] | 1.9 | 0.01% | 2026-03-01 | 2026-04-29 |
| CVE-2026-3386 | A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | [email protected] | 1.9 | 0.01% | 2026-03-01 | 2026-04-29 |
| CVE-2026-3385 | A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | [email protected] | 1.9 | 0.01% | 2026-03-01 | 2026-04-29 |
| CVE-2026-2858 | A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet. | [email protected] | 1.9 | 0.01% | 2026-02-20 | 2026-04-29 |
| CVE-2026-2657 | A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | [email protected] | 1.9 | 0.01% | 2026-02-18 | 2026-04-29 |