CVE-2026-3968 in AutohomeCorp frostmourne
要約 (英語)
A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
公開
2026年03月12日
エントリ
| 識別子 | 脆弱性 | CWE | ベース | テンポ | 0day | 本日 | 悪用可 | KEV | EPSS | CTI | 対策 | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 350397 | AutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval 特権昇格 | 94 | 6.3 | 6.0 | $0-$5k | $0-$5k | 概念実証 | 0.00046 | 0.00 | 未定義 | CVE-2026-3968 |