CVE-2026-3979 | quickjs-ng quickjs up to 0.12.1 quickjs.c js_iterator_concat_return use after free (Issue 1368)

A vulnerability was found in quickjs-ng quickjs up to 0.12.1. It has been rated as critical. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free.

This vulnerability appears as CVE-2026-3979. The attack requires local access. In addition, an exploit is available.

Applying a patch is the recommended action to fix this issue.VulDB Recent EntriesRead More