CVE-2026-3385

3.3 LOW

📋 TL;DR

This vulnerability in wren-lang allows uncontrolled recursion in the resolveLocal function, which can lead to denial of service through stack exhaustion. Only local attackers can exploit this vulnerability, requiring access to the system running the vulnerable wren interpreter. Users of wren-lang up to version 0.4.0 are affected.

💻 Affected Systems

Products:
  • wren-lang
Versions: up to 0.4.0
Operating Systems: All platforms running wren
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service using wren as an embedded scripting language is vulnerable when processing untrusted wren code.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service through stack exhaustion, crashing the wren interpreter process and potentially affecting dependent applications.

🟠 Likely Case: Local denial of service causing wren interpreter crashes when malicious code is executed.

🟢 If Mitigated: Minimal impact if proper sandboxing and resource limits are enforced on wren execution environments.

🌐 Internet-Facing: LOW - Requires local access to execute malicious wren code, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could crash wren interpreters, affecting availability of dependent services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access to execute malicious wren code. Public proof-of-concept available in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Monitor wren-lang GitHub repository for updates. Consider workarounds or alternative implementations.

🔧 Temporary Workarounds

Sandbox wren execution (linux)

Run wren interpreters with strict resource limits and in isolated environments. These limits bound the process that crashes; they do not stop the interpreter from terminating on malicious input, so keep the wren process separate from anything that must stay up.

  ulimit -s 8192
  docker run --memory=256m --cpus=0.5 wren_app

Input validation (all platforms)

Validate and sanitize all wren code before execution.

🧯 If You Can't Patch

  • Isolate wren execution to dedicated containers or VMs with strict resource limits
  • Implement monitoring for wren process crashes and abnormal resource consumption

🔍 How to Verify

Check if Vulnerable:

Check the wren version with wren --version, or examine package manager output.

Verify Fix Applied:

Verify the version is greater than 0.4.0 once a patch becomes available.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors from wren processes
  • Stack overflow messages
  • Abnormal wren process termination

Network Indicators:

  • None - local exploitation only

SIEM Query:

process.name:"wren" AND (event.type:"crash" OR event.type:"segfault")
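As an added example (not the advisory's or the wren project's code), the log indicators and SIEM query above turned into a small matcher run over constructed sample lines; the syslog-like line layout, process names and messages are assumptions.

```python
"""Matcher for the wren crash log indicators listed in this advisory.
Added example, not code from the advisory or the wren project. The syslog-like
line layout, process names and messages are constructed assumptions."""
import re
from dataclasses import dataclass
from typing import Optional

# One regex per advisory indicator; the label doubles as the SIEM event.type.
INDICATORS = [
    ("segfault", re.compile(r"segfault|segmentation fault|signal 11\b|SIGSEGV", re.I)),
    ("stack_overflow", re.compile(r"stack overflow|stack exhaust|recursion (?:depth|limit)", re.I)),
    ("crash", re.compile(r"terminated|killed|exit(?:ed)?(?: with)? (?:status|code) (?!0\b)\d+|core dumped", re.I)),
]

# Constructed sample lines, not real captures. Line 4 is a clean exit and
# line 5 is a crash of an unrelated process; neither should be reported.
SAMPLE_LOG = """\
Jan 10 12:00:01 host kernel: wren[4321]: segfault at 7ffd1c0ffff8 ip 000055d1 sp 00007ffd error 6 in wren[55d0+1000]
Jan 10 12:00:01 host supervisor: process 'wren' exited with status 139 (core dumped)
Jan 10 12:00:02 host app: wren: stack overflow while compiling script, giving up
Jan 10 12:00:03 host app: wren: script finished, exit status 0
Jan 10 12:00:04 host kernel: nginx[100]: segfault at 0 ip 0 sp 0 error 4
"""

@dataclass
class Hit:
    line_no: int
    event_type: str   # matches event.type in the advisory's SIEM query
    message: str

def classify(line: str) -> Optional[str]:
    """Return the indicator label for a wren log line, or None if it is benign
    or belongs to another process (process.name:"wren" in the SIEM query)."""
    if re.search(r"\bwren\b", line, re.I) is None:
        return None
    for label, pattern in INDICATORS:
        if pattern.search(line):
            return label
    return None

def scan_log(text: str) -> list[Hit]:
    """Scan a log blob and return one Hit per line showing a wren crash indicator."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        label = classify(line)
        if label is not None:
            hits.append(Hit(n, label, line.split(": ", 2)[-1]))
    return hits
```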
