{"id":"CVE-2026-3385","details":"A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.","modified":"2026-03-13T22:13:42.287485Z","published":"2026-03-01T09:15:57.040Z","references":[{"type":"WEB","url":"https://github.com/wren-lang/wren/"},{"type":"ADVISORY","url":"https://vuldb.com/?id.348271"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.761305"},{"type":"REPORT","url":"https://github.com/wren-lang/wren/issues/1218"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.348271"},{"type":"EVIDENCE","url":"https://github.com/oneafter/0122/blob/main/i1218/repro"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wren-lang/wren","events":[{"introduced":"0"},{"last_affected":"7d3f063e87acebf3e7db3ff6455826e6a30f570e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.4.0"}]}}],"versions":["0.1.0","0.2.0","0.3.0","0.4.0-pre"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3385.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}