CVE-2026-1979

MEDIUM

mruby <3.4.0 - Use After Free

Title source: llm

Description

A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This patch is called e50f15c1c6e131fa7934355eb02b8173b13df415. It is advisable to implement a patch to correct this issue.

References (7)

[Various Sources] https://github.com/mruby/mruby/

[Patch] https://github.com/sysfce2/mruby/commit/e50f15c1c6e131fa7934355eb02b8173b13df415

View Patch ZIP pw:eip

[Issue Tracking] https://github.com/mruby/mruby/issues/6701

[Issue Tracking] https://github.com/mruby/mruby/issues/6701#issue-3802609843

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.344501

[Permissions Required, VDB Entry] https://vuldb.com/?id.344501

[Permissions Required, VDB Entry] https://vuldb.com/?submit.743377

Scores

CVSS v3 5.3

EPSS 0.0002

EPSS Percentile 5.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-119 CWE-416

Status published

Affected Products (1)

mruby/mruby < 3.4.0

Timeline

Published Feb 06, 2026

Tracked Since Feb 18, 2026