Vulnerability in Noir-lang Noir

CVE-2026-41197

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign…

EPSS: 0.000 (5.5th percentile) — read the EPSS interpretation.

Affected products

Noir-lang Noir — versions < 1.0.0-beta.19

Weakness classification (CWE)

CWE-131 — Incorrect Calculation of Buffer Size

References

https://github.com/noir-lang/noir/security/advisories/GHSA-jj7c-x25r-r8r3 (x_refsource_CONFIRM)
https://github.com/noir-lang/noir/releases/tag/v1.0.0-beta.19 (x_refsource_MISC)