CVE-2026-3285
Published: 27 February 2026
Summary
CVE-2026-3285 is a low-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Berry-Lang Berry. Its CVSS base score is 1.9 (Low).
Operationally, ranked at the 0.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-3285 is an out-of-bounds read vulnerability affecting berry-lang berry versions up to 1.1.0, specifically in the scan_string function within the file src/be_lexer.c. The issue stems from improper memory bounds handling, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-125 (Out-of-bounds Read). It was published on 2026-02-27.
Exploitation requires local access (AV:L), low attack complexity (AC:L), and low privileges (PR:L), with no user interaction needed (UI:N) and unchanged scope (S:U). A successful attack results in low confidentiality impact (C:L) through unauthorized memory reads, with no effects on integrity (I:N) or availability (A:N), yielding a CVSS v3.1 base score of 3.3. Local attackers with basic access can trigger the vulnerability.
Mitigation involves applying the patch at commit 7149c59a39ba44feca261b12f06089f265fec176, which is the recommended fix. Details are documented in the berry-lang GitHub repository, including issue #509, pull request #511, and a public exploit reproduction at https://github.com/oneafter/0211/blob/main/be/repro.
The exploit has been publicly disclosed and may be utilized by attackers.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8992
Vulnerability details
A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be…
more
utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces memory bounds protection to block the out-of-bounds read in scan_string.
Requires prompt application of the published patch (commit 7149c59) that eliminates the lexer flaw.
Input validation at the lexer boundary can reject malformed strings that trigger the OOB read.