CVE-2026-1979 MEDIUM

CVE-2026-1979: mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free

Vendor N/A
Product mruby
Weakness CWE-416
Published February 6, 2026
Last update February 23, 2026

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This patch is called e50f15c1c6e131fa7934355eb02b8173b13df415. It is advisable to implement a patch to correct this issue.

Key dates

02Disclosure timeline

February 6, 2026 CVE published
February 23, 2026 Record updated