CVE-2026-2656

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-2656
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2656.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-2656
Published
2026-02-18T15:18:44.743Z
Modified
2026-02-21T08:05:51.988330Z
Severity
  • 2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::TypeInfo::bareequal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git / github.com/chaiscript/chaiscript

Affected ranges

Type
GIT
Repo
https://github.com/chaiscript/chaiscript
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ac0d7ce94925f8eac367533b276d9d7db13a77ae

Affected versions

Release-1.*
Release-1.0.0
Release-1.1.0
Release-1.2.0
Release-1.3.0
Release-2.*
Release-2.0.0
Release-2.1.0
Release-2.2.0
Release-2.3.0
Release-2.3.1
Release-2.3.2
Release-2.3.3
Release-3.*
Release-3.0.0
Release-3.1.0
Release-4.*
Release-4.0.0
Release-4.1.0
Release-4.1.1
Release-4.2.0
Release-4.3.0
Release-5.*
Release-5.0.0
Release-5.1.0
Release-5.2.0
Release-5.3.0
Other
Test_Release
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v3.*
v3.0.0
v3.1.0
v4.*
v4.0.0
v4.1.0
v4.1.1
v4.2.0
v4.3.0
v4.3.1
v5.*
v5.0.0
v5.1.0
v5.2.0
v5.3.1
v5.4.0
v5.5.0
v5.5.1
v5.6.0
v5.7.0
v5.7.1
v5.8.0
v5.8.1
v5.8.2
v5.8.3
v5.8.4
v5.8.5
v5.8.6
v6.*
v6.0.0
v6.1.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2656.json"