Squirrel up to 3.2: Heap Buffer Overflow Can Cause Data Corruption
CVE-2026-2661
Summary
A heap-based buffer overflow in Squirrel, a library used in some software, can cause data corruption if an attacker exploits it. This could lead to crashes or unexpected behavior in applications that use Squirrel. Users should contact the developers for an update to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| squirrel-lang | squirrel | <= 3.2 | – |
Original title
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow...
Original description
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
- NVD CVSS 2.0: 1.7
- NVD CVSS 3.1: 7.8
- NVD CVSS 4.0: 4.8
Vulnerability type
- CWE-119: Buffer Overflow
- CWE-122: Heap-based Buffer Overflow
- https://github.com/albertodemichelis/squirrel/issues/310 (Exploit, Issue Tracking)
- https://github.com/oneafter/0122/blob/main/i310/repro (Exploit)
- https://vuldb.com/?ctiid.346459 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.346459 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.753165 (Third Party Advisory, VDB Entry)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026