Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
FascinatedBox lily: Local Data Exposure in Clear Storage Function
CVE-2026-3391
Summary
A security flaw in FascinatedBox lily versions up to 2.3 allows an attacker with local access to access sensitive data. This is a concern because it could lead to unauthorized access to critical information. We recommend updating to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| lily-lang | lily | <= 2.3 | – |
Original title
A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The atta...
Original description
A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
1.7
nvd CVSS3.1
5.5
nvd CVSS4.0
4.8
Vulnerability type
CWE-119
Buffer Overflow
CWE-125
Out-of-bounds Read
- https://github.com/FascinatedBox/lily/ Product
- https://github.com/FascinatedBox/lily/issues/383 Exploit Issue Tracking Vendor Advisory
- https://github.com/oneafter/0122/blob/main/i383/repro.lily Exploit
- https://vuldb.com/?ctiid.348277 Permissions Required VDB Entry
- https://vuldb.com/?id.348277 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.761327 Third Party Advisory VDB Entry
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026