In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
RCE
Tcl
NVD
GitHub
CVSS 3.1
7.8
EPSS
1.6%