CVE-2026-3385 PUBLISHED

A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

• Oneafter (VulDB User) reporter

• VDB-348271 | wren-lang wren wren_compiler.c resolveLocal recursion
• VDB-348271 | CTI Indicators (IOB, IOC, IOA)
• Submit #761305 | wren-lang wren main-branch Heap-based Buffer Overflow
• https://github.com/wren-lang/wren/issues/1218
• https://github.com/oneafter/0122/blob/main/i1218/repro
• https://github.com/wren-lang/wren/

• Uncontrolled Recursion CWE
• Denial of Service CWE