CVE-2026-30960 (GCVE-0-2026-30960)
Vulnerability from cvelistv5
Published
2026-03-10 17:11
Modified
2026-03-10 17:58
Severity ?
9.4 (Critical) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
  • CWE-269 - Improper Privilege Management
  • CWE-695 - Use of Low-Level Functionality
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the CFFI (Foreign Function Interface). Due to Improper Input Validation and External Control of Code Generation, an attacker can supply malicious parameters or instruction sequences through the CFFI layer. Since the library often operates with elevated privileges or within high-performance computing contexts, this allows for Arbitrary Code Execution (ACE) at the privilege level of the host process.
References
Impacted products
Vendor Product Version
Apich-Organization rssn Version: < 0.2.9
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-30960",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-10T17:58:10.744850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-10T17:58:17.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rssn",
          "vendor": "Apich-Organization",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.2.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the CFFI (Foreign Function Interface). Due to Improper Input Validation and External Control of Code Generation, an attacker can supply malicious parameters or instruction sequences through the CFFI layer. Since the library often operates with elevated privileges or within high-performance computing contexts, this allows for Arbitrary Code Execution (ACE) at the privilege level of the host process."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-695",
              "description": "CWE-695: Use of Low-Level Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-10T17:11:10.797Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Apich-Organization/rssn/security/advisories/GHSA-9c4h-pwmf-m6fj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Apich-Organization/rssn/security/advisories/GHSA-9c4h-pwmf-m6fj"
        },
        {
          "name": "https://github.com/Apich-Organization/rssn/releases/tag/v0.2.9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Apich-Organization/rssn/releases/tag/v0.2.9"
        },
        {
          "name": "https://rustsec.org/advisories/RUSTSEC-2026-0038.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://rustsec.org/advisories/RUSTSEC-2026-0038.html"
        }
      ],
      "source": {
        "advisory": "GHSA-9c4h-pwmf-m6fj",
        "discovery": "UNKNOWN"
      },
      "title": "RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-30960",
    "datePublished": "2026-03-10T17:11:10.797Z",
    "dateReserved": "2026-03-07T17:34:39.981Z",
    "dateUpdated": "2026-03-10T17:58:17.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-30960\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-10T17:58:10.744850Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-10T17:58:13.752Z\"}}], \"cna\": {\"title\": \"RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface\", \"source\": {\"advisory\": \"GHSA-9c4h-pwmf-m6fj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Apich-Organization\", \"product\": \"rssn\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.2.9\"}]}], \"references\": [{\"url\": \"https://github.com/Apich-Organization/rssn/security/advisories/GHSA-9c4h-pwmf-m6fj\", \"name\": \"https://github.com/Apich-Organization/rssn/security/advisories/GHSA-9c4h-pwmf-m6fj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/Apich-Organization/rssn/releases/tag/v0.2.9\", \"name\": \"https://github.com/Apich-Organization/rssn/releases/tag/v0.2.9\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://rustsec.org/advisories/RUSTSEC-2026-0038.html\", \"name\": \"https://rustsec.org/advisories/RUSTSEC-2026-0038.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the CFFI (Foreign Function Interface). Due to Improper Input Validation and External Control of Code Generation, an attacker can supply malicious parameters or instruction sequences through the CFFI layer. Since the library often operates with elevated privileges or within high-performance computing contexts, this allows for Arbitrary Code Execution (ACE) at the privilege level of the host process.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269: Improper Privilege Management\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-695\", \"description\": \"CWE-695: Use of Low-Level Functionality\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-754\", \"description\": \"CWE-754: Improper Check for Unusual or Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-10T17:11:10.797Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-30960\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-10T17:58:17.359Z\", \"dateReserved\": \"2026-03-07T17:34:39.981Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-10T17:11:10.797Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.