CVE-2026-0822

MEDIUM
2026-01-10 [email protected]
6.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Feb 23, 2026 - 09:16 vuln.today
Public exploit code
Patch Released
Feb 23, 2026 - 09:16 nvd
Patch available
CVE Published
Jan 10, 2026 - 14:15 nvd
MEDIUM 6.3

Tags

Buffer Overflow Heap Overflow Quickjs Redhat

Description

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch.

Analysis

Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_sort function allows remote attackers to corrupt memory and potentially achieve code execution with minimal user interaction. Public exploit code exists for this vulnerability. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 30 days: Identify affected systems running quickjs-ng quickjs and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

52
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +32
POC: +20

Vendor Status

Share

CVE-2026-0822 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy