Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
FascinatedBox lily versions 2.3 and earlier allow unauthorized access
CVE-2026-2660
Summary
A security issue in FascinatedBox lily versions 2.3 and earlier could allow an attacker to access sensitive data on a local network. This is because of a mistake in how the software handles certain data. Users should update to the latest version of FascinatedBox lily to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| lily-lang | lily | <= 2.3 | – |
Original title
A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Lo...
Original description
A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local access is required to approach this attack. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
1.7
nvd CVSS3.1
7.8
nvd CVSS4.0
4.8
Vulnerability type
CWE-119
Buffer Overflow
CWE-416
Use After Free
- https://github.com/FascinatedBox/lily/ Product
- https://github.com/FascinatedBox/lily/issues/385 Exploit Issue Tracking Third Party Advisory
- https://github.com/oneafter/0122/blob/main/i385/repro.lily Exploit
- https://vuldb.com/?ctiid.346458 Permissions Required VDB Entry
- https://vuldb.com/?id.346458 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.753164 Exploit Third Party Advisory VDB Entry
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026