//nefariousplan

CVE-2026-11645: Three Public PoCs For The V8 KEV Bug. None Of Them Read Or Write Out Of Bounds.


CVE-2026-11645 is a Chrome V8 out-of-bounds read and write. Google's advisory describes "execute arbitrary code inside a sandbox via a crafted HTML page" against Chrome before 149.0.7827.103. CISA's KEV catalog records the entry with a federal civilian remediation deadline of June 23, 2026. That deadline is today. The defender on it opens GitHub, searches CVE-2026-11645, and finds three repositories: fevar54/CVE-2026-11645-Out-of-bounds-Read-Write, adamshaikhma/CVE-2026-11645, and 0xBlackash/CVE-2026-11645. The three of them collectively contain zero out-of-bounds reads and zero out-of-bounds writes. The repository names contain the CVE identifier. Nothing else in any of them does.

What the CVE entry actually names

Google's NVD record for CVE-2026-11645 is specific in two ways the three GitHub repositories are not. The bug class is named: out-of-bounds read AND write, the two CWE buckets CWE-125 and CWE-787 paired in a single entry. The execution context is named: "inside a sandbox." V8 ships with the V8 Sandbox, a hardware-assisted in-process boundary added across 2023 and 2024 releases that bounds what a corrupted V8 heap can reach in the rest of the renderer's address space. Code execution "inside a sandbox" is not code execution on the host; the renderer process is still bounded by the same sandbox layer until a separate escape primitive is chained.

These are the two operational facts the description holds. A PoC that demonstrates the bug class must produce an out-of-bounds read, an out-of-bounds write, or both. A PoC that markets the consequence must distinguish the in-sandbox primitive the CVE names from the host RCE its READMEs assert.

0xBlackash's repository is a tab crasher

0xBlackash/CVE-2026-11645.html is a 4.5 KB self-styled "Test PoC - Chrome 148." The page's own header reads "Target: Chrome 148 (Vulnerable)." CVE-2026-11645's affected range is Chrome before 149.0.7827.103, not Chrome 148 specifically. The page exposes four buttons: Check Version, Trigger Strong Test (5x), Run Auto Stress Test (Recommended), and Clear Log. The active code is one function:

function trigger() {
    try {
        let value = 2;
        class C extends Function {
            ['AA'] = value;
        }
        // Training phase
        for (let i = 0; i < 800; i++) {
            new C("'use strict'");
        }
        // Type confusion trigger
        value = 1.1;
        for (let i = 0; i < 1500; i++) {
            new C("'use strict'");
        }
    } catch (e) {
        log("Trigger error: " + e.message, 'error');
    }
}

The shape is recognizable as a V8 type-confusion attempt. A class C extending the built-in Function carries a computed-key class field ['AA'] initialized to the outer value. The training loop instantiates the class 800 times with value holding a Smi, V8's tagged-int representation. The trigger then transitions value to a double (1.1); the JIT's installed inline cache for the class field has a stale type expectation, and 1500 new instances try to write a double into a slot the cache believes is Smi-tagged.

If the bug is what this script targets, the consequence is a Map-transition mismatch that crashes the tab. The Auto Stress Test repeats the trigger 40 times (eight cycles of five runs) attempting to force the crash. The README's success criterion is the one written in the log line itself: "Check if tab crashed."

The script never reads memory at an index it controls. The script never writes memory at any index it controls. The script never references the heap layout the OOB primitive would corrupt. The authored consequence is a crash. CVE-2026-11645 is OOB read and OOB write. A tab crash is the surface signal that something memory-unsafe happened; it is not the operation the CVE names, and a defender testing detection cannot extract bytes from a renderer that died.

This is the Placeholder PoC pattern in its trigger-only form. We have already named 0xBlackash twice in this pattern. Against CVE-2026-46300, the Fragnesia variant, 0xBlackash shipped a byte-identical copy of another author's user-namespace REPL and miscredited MITRE for an assignment the Kernel CNA had made. Against CVE-2026-43494, the io_uring/RDS PinTheft case, 0xBlackash shipped the trigger and elided the page-cache overwrite as // Simplified final steps. CVE-2026-11645 is the third.

fevar54's repository will not parse

fevar54/CVE-2026-11645-Out-of-bounds-Read-Write ships a 16 KB HTML file (the path is VE-2026-11645 - Chrome V8 OOB Read/Write PoC, with the leading C missing in the directory name) and a 1 KB minimal trigger. The 16 KB file is the one the README markets. Its script declares eight named exploit phases: memory-layout setup, JIT compilation training, type-confusion primitives, OOB read attempt, OOB write attempt, ArrayBuffer overlap, memory-address leak, type corruption. The README's "Summary of Analysis" table cross-references each phase to a function name in the file. The script will not run in Chrome.

The training step invokes the V8 runtime function directly:

%OptimizeFunctionOnNextCall(vulnerableFunction);

%-prefixed identifiers are V8 native runtime calls, available only when the engine is started with --allow-natives-syntax. Production Chrome does not pass that flag. The flag is reserved for the d8 shell and Chromium developer builds. The CVE the script claims to exploit is a production Chrome bug; the script's primary instrumentation is a parse error in production Chrome.

The script also ships a polyfill block at the bottom intended to suppress the parse error:

if (typeof %OptimizeFunctionOnNextCall === 'undefined') {
    window.%OptimizeFunctionOnNextCall = function() {};
    window.%GetOptimizationStatus = function() { return 0; };
}

The body of the if is itself a parse error. window.%OptimizeFunctionOnNextCall is not a valid property access in JavaScript; the percent sign cannot appear in that position in any V8 lexer state, debug build or not. The script will not load in any browser. The script's author did not run it.
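The check a defender would run before registering a script like this as a PoC, added here as an example and not code from any of the three repositories: scan the source for V8 natives-syntax tokens, then ask the running engine (Node, i.e. stock V8 started without --allow-natives-syntax, the same lexer configuration production Chrome ships) whether the source parses at all. The two sample strings reproduce the fragments quoted above; the function names and the host-flag guard are this example's own.

```javascript
// Added triage helper; it is not code from any of the three repositories.
// Question it answers: does a submitted "PoC" script even parse in a stock V8,
// i.e. one started without --allow-natives-syntax, as production Chrome is?

// Static scan for %PascalCaseName tokens, the shape of V8 runtime (natives) calls.
// Heuristic only: a modulo operator immediately followed by a PascalCase variable
// would also match. The parse check below is the authoritative answer.
const NATIVE_TOKEN = /%([A-Z][A-Za-z0-9]*)/g;

function nativesSyntaxTokens(src) {
  const found = new Set();
  for (const m of src.matchAll(NATIVE_TOKEN)) found.add(m[1]);
  return [...found].sort();
}

// Ask the running engine to compile the source as a function body without executing it.
// new Function() only compiles; a lexer or parser failure surfaces as SyntaxError.
function parsesAsStockJs(src) {
  try {
    new Function(src);
    return { ok: true, error: null };
  } catch (e) {
    if (e instanceof SyntaxError) return { ok: false, error: e.message };
    throw e; // anything else is a caller bug, not a parse result
  }
}

// If the host itself was started with --allow-natives-syntax, a natives call compiles
// here too and the parse result says nothing about production Chrome. Detect that.
function hostAllowsNatives() {
  return parsesAsStockJs('%OptimizeFunctionOnNextCall(function () {});').ok;
}

function triageScript(name, src) {
  const natives = nativesSyntaxTokens(src);
  if (hostAllowsNatives()) {
    return { name, natives, parses: null, verdict: 'inconclusive: host engine allows natives syntax' };
  }
  const parse = parsesAsStockJs(src);
  const verdict = parse.ok
    ? 'parses in stock V8'
    : `will not load in production Chrome: ${parse.error}`;
  return { name, natives, parses: parse.ok, verdict };
}

// Samples: the two fragments quoted above from fevar54's script, reproduced as strings.
const TRAINING_STEP = '%OptimizeFunctionOnNextCall(vulnerableFunction);';
const POLYFILL_BLOCK = `
if (typeof %OptimizeFunctionOnNextCall === 'undefined') {
    window.%OptimizeFunctionOnNextCall = function() {};
    window.%GetOptimizationStatus = function() { return 0; };
}`;

// Control: ordinary JavaScript using % as the modulo operator, which must pass.
const CONTROL = 'function f(a, b) { return a % b; }';

for (const [name, src] of [['training step', TRAINING_STEP], ['polyfill block', POLYFILL_BLOCK], ['control', CONTROL]]) {
  const r = triageScript(name, src);
  console.log(`${r.name}: natives=${JSON.stringify(r.natives)} -> ${r.verdict}`);
}
```

Run it with a stock `node`; both fragments come back as "will not load in production Chrome", the control passes. Because `new Function` compiles without running the body, the check never executes anything from the artifact under review. It also only answers "does it parse", which is the floor, not proof that a script does what its README says.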

The README is in Spanish. The header reproduces the NVD entry, CVSS vector, and an affected-versions table. The bottom of the README, after the analysis table, is verbatim this line:

¿Necesitas que profundice en alguna fase específica o que genere más componentes del PoC?

The English translation is "Do you need me to dig deeper into any specific phase or generate more components of the PoC?" That is the closing prompt of a chatbot session. It was copied unmodified into the README. The author committed the language model's closing question as project documentation.

fevar54 is also in our catalog. The PoC-Funcional---CVE-2026-45247-Mirasvit-Full-Page-Cache-Warmer-RCE- repository we covered twelve days ago shipped a serialized PHP payload whose every protected-property length declaration was wrong by the three bytes of the NUL prefix the script forgot to encode. That artifact was structurally fluent, byte-level broken, and at least executed before failing at unserialize. CVE-2026-11645's fevar54 repository does not reach byte level. The exploit script is uncompilable JavaScript pretending to be a working browser exploit, and the README ends with the chatbot's closing question pasted under a Resumen del Análisis header.

adamshaikhma's repository is a TinyURL

adamshaikhma/CVE-2026-11645 ships one tracked file, a 748-byte README. The "Quick Usage" section is a single command line:

python3 exploit.py -t "C:\\Path\\To\\Target" -o demo.zip --data-file payload.exe

CVE-2026-11645 is a Chromium V8 bug. The exploit primitive, by the CVE description, runs in a JavaScript engine inside a browser parsing a crafted HTML page. The command above takes a Windows filesystem path as a target, packages an output into demo.zip, and consumes payload.exe as a data file. That is the command-line shape of a file packager or an installer-builder, not a browser exploit. A V8 OOB read does not address a Windows path. A V8 OOB write does not produce a zip. The README's command line is for a different category of artifact entirely.

The references section contains the NVD link. The exploit section contains one bullet:

[Download PoC](https://tinyurl.com/28fph7fk)

This is the Paywall PoC shape. The catalog has the structure on file: a KEV deadline drives demand, a throwaway account publishes a README that names the bug correctly enough to read as authentic, the README ends in a TinyURL or other redirector that resolves to a no-refunds payment platform, and the byte that lands in the buyer's hands is the byte the seller chose to upload at some point between the day they created the account and the day the listing went up. The buyer's $660 (or whatever Bitcoin amount the listing carries) buys their own belief at the moment of payment.

adamshaikhma's artifact is structurally identical to fangbarristerbar's CVE-2026-20182 listing: one README, one outbound link, a command line in the README that names operations the underlying CVE does not perform. The seller did not need a PoC ready in advance. They needed a README and a TinyURL ready in advance, and the federal civilian deadline does the marketing.
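A scanner that registers "PoC available" on the strength of a CVE-numbered repository name is what lets this shape work. As an added example (not code from adamshaikhma's repository or any other discussed here), the following triage pass takes a README's text plus the list of files actually tracked in the tree and flags the three signals the listing above shows: scripts the README tells the reader to run that are not in the tree, an outbound link that goes through a URL shortener, and a tree with nothing but the README in it. The sample README and file list are constructed to mirror that listing; the shortener URL in it is a placeholder, and the host list is an assumption to extend from your own block list.

```javascript
// Added triage example; not code from any repository discussed on this page.
// Inputs: README text and the repository's tracked file list. Output: findings that
// should stop a scanner from registering the repository as "PoC available".

// Assumption: a short list of common redirector hosts; extend from your own block list.
const SHORTENER_HOSTS = new Set(['tinyurl.com', 'bit.ly', 't.co', 'goo.gl', 'is.gd', 'cutt.ly', 'rb.gy']);

// Scripts the README tells the reader to invoke: "python3 x.py", "node x.js", "./x.sh", ...
const INVOCATION = /(?:\b(?:python3?|node|bash|sh|perl|ruby)\s+|\.\/)([\w./-]+\.\w+)/g;

function invokedScripts(readme) {
  const found = new Set();
  for (const m of readme.matchAll(INVOCATION)) found.add(m[1]);
  return [...found];
}

// Markdown links of the form [text](http...).
function markdownLinks(readme) {
  const re = /\[([^\]]*)\]\((https?:\/\/[^)\s]+)\)/g;
  return [...readme.matchAll(re)].map(m => ({ text: m[1], url: m[2] }));
}

function isShortener(url) {
  try {
    return SHORTENER_HOSTS.has(new URL(url).hostname.toLowerCase());
  } catch {
    return false; // not a parseable URL
  }
}

function triageRepo(readme, trackedFiles) {
  const tracked = new Set(trackedFiles.map(f => f.toLowerCase()));
  const missing = invokedScripts(readme).filter(f => !tracked.has(f.toLowerCase()));
  const shortened = markdownLinks(readme).filter(l => isShortener(l.url)).map(l => l.url);
  const hasCode = trackedFiles.some(f => !/^(readme|license)/i.test(f));
  const findings = [];
  if (!hasCode) findings.push('no file other than README/LICENSE is tracked');
  if (missing.length) findings.push(`README invokes scripts absent from the tree: ${missing.join(', ')}`);
  if (shortened.length) findings.push(`outbound link through a URL shortener: ${shortened.join(', ')}`);
  // Passing only means the files the README names exist and no redirector is involved;
  // it says nothing about whether the code demonstrates the bug.
  return { missing, shortened, hasCode, findings, passesSanityCheck: findings.length === 0 };
}

// Constructed sample mirroring the one-file repository described above.
// The shortener link is a placeholder, not the live one.
const SAMPLE_README = String.raw`# CVE-2026-11645

## Quick Usage

python3 exploit.py -t "C:\\Path\\To\\Target" -o demo.zip --data-file payload.exe

## Exploit

- [Download PoC](https://tinyurl.com/PLACEHOLDER)

## References

- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-11645)
`;
const SAMPLE_TREE = ['README.md'];

console.log(triageRepo(SAMPLE_README, SAMPLE_TREE));
```

On the sample this returns three findings (README-only tree, `exploit.py` invoked but absent, a tinyurl.com link) and `passesSanityCheck: false`. It is a negative filter: failing it is grounds not to register the repository, passing it is not evidence that anything in the tree reproduces the CVE.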

What the corpus does not contain

The three repositories above are, as of this writing, the entire public GitHub PoC corpus for CVE-2026-11645. The infosec.exchange entries the scanner registered are news mentions of the CVE, not source repositories. Searching the strings CVE-2026-11645 and 149.0.7827.103 across GitHub returns no other PoC trees.

The corpus does not contain a JIT type-confusion chain that reads an adjacent ArrayBuffer backing store. The corpus does not contain a write primitive that corrupts an object's elements pointer to a forged address. The corpus does not contain the addrof/fakeobj pair conventional V8 exploit chains build on top of an OOB read and write. The corpus does not contain a V8 Sandbox-bounded code-execution payload, which is the consequence the CVE description actually scopes. 0xBlackash's trigger, taken at face value, may be the surface of the bug; the exploitation work that turns surface into the CVE's named primitive is not in any of the three repositories.

KEV's evidence base is telemetry, not GitHub. CISA records a vulnerability as known-exploited when it has reliable signal of in-the-wild use: victim reports from federal agencies, IOC feeds from private partners, EDR vendor notifications. CVE-2026-11645's KEV listing rests on that telemetry. The wild exploitation is real. It is not the same artifact as the public PoC corpus on GitHub, and as of June 23 it has not been published.

A federal civilian SOC analyst opening today's BOD 22-01 ticket and searching for a PoC to test their detection posture finds a tab crasher, a Spanish chatbot transcript, and a TinyURL. The CVE description's "execute arbitrary code inside a sandbox" describes a primitive none of the three artifacts demonstrate. The PoC scanner that polls GitHub for CVE-numbered repositories registers all three as "PoC available." The registration is incorrect for the bug each repository claims to embody. The deadline is today. The corpus is decoration.

PoCs: fevar54/CVE-2026-11645-Out-of-bounds-Read-Write, adamshaikhma/CVE-2026-11645, 0xBlackash/CVE-2026-11645.

The repository names contain the CVE identifier. Nothing else in any of them does.