CVE-2026-3979 in quickjsinfo

Summary

A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244e92def4cd. Applying a patch is the recommended action to fix this issue.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Disclosure

03/12/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
350414	quickjs-ng quickjs quickjs.c js_iterator_concat_return use after free	416	Proof-of-Concept	Official fix	CVE-2026-3979

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!