CVE-2026-3968 in frostmourne
요약 (영어)
A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
공개
2026. 03. 12.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 350397 | AutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval 권한 상승 | 94 | 개념 증명 | 정의되지 않음 | CVE-2026-3968 |