CVE-2026-41244 | notamitgamer mojic up to 2.1.3 timing discrepancy

VDB-359548 · CVE-2026-41244 · GCVE-0-2026-41244 NOTAMITGAMER MOJIC UP TO 2.1.3 TIMING DISCREPANCY HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 3.5 $0-$5k 0.28+ Summaryinfo A vulnerability classified as problematic was found in notamitgamer mojic up to 2.1.3. This affects an unknown part. Executing a manipulation can lead to timing discrepancy. This vulnerability appears as CVE-2026-41244. The attack requires local access. There is no available exploit. Upgrading the affected component is advised. Detailsinfo A vulnerability was found in notamitgamer mojic up to 2.1.3. It has been declared as problematic. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a timing discrepancy vulnerability. The CWE definition for the vulnerability is CWE-208. Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. As an impact it is known to affect confidentiality. CVE summarizes: Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator (!==) to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy (CWE-208), allowing a potential attacker to bypass the file integrity check via a timing attack. This vulnerability is fixed in 2.1.4. The advisory is shared for download at github.com. This vulnerability was named CVE-2026-41244 since 04/18/2026. The exploitation appears to be difficult. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592. Upgrading to version 2.1.4 eliminates this vulnerability. Productinfo Vendor notamitgamer Name mojic Version 2.1.0 2.1.1 2.1.2 2.1.3 Website Product: https://github.com/notamitgamer/mojic/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 3.6 VulDB Meta Temp Score: 3.5 VulDB Base Score: 2.5 VulDB Temp Score: 2.4 VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA Base Score: 4.7 CNA Vector (GitHub_M): 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Timing discrepancy CWE: CWE-208 / CWE-203 / CWE-200 CAPEC: 🔒 ATT&CK: 🔒 Physical: Partially Local: Yes Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: mojic 2.1.4 Timelineinfo 04/18/2026 CVE reserved 04/24/2026 +6 days Advisory disclosed 04/24/2026 +0 days VulDB entry created 04/24/2026 +0 days VulDB entry last update Sourcesinfo Product: github.com Advisory: github.com Status: Confirmed CVE: CVE-2026-41244 (🔒) GCVE (CVE): GCVE-0-2026-41244 GCVE (VulDB): GCVE-100-359548 Entryinfo Created: 04/24/2026 21:56 Changes: 04/24/2026 21:56 (62) Complete: 🔍 Cache ID: 99:66A:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸