Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
ChaiScript: Local Code Execution via Uncontrolled Recursion
CVE-2026-3384
Summary
A security issue in ChaiScript versions up to 6.1.0 allows an attacker to execute unauthorized code on a local system. This could potentially happen if an attacker is able to manipulate the ChaiScript code being executed. Update ChaiScript to a fixed version as soon as possible to mitigate this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| chaiscript | chaiscript | <= 6.1.0 | – |
Original title
A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscr...
Original description
A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
1.7
nvd CVSS3.1
5.5
nvd CVSS4.0
4.8
Vulnerability type
CWE-404
CWE-674
- https://github.com/ChaiScript/ChaiScript/ Product
- https://github.com/ChaiScript/ChaiScript/issues/633 Issue Tracking
- https://github.com/ChaiScript/ChaiScript/issues/633#issue-3828176056 Issue Tracking
- https://vuldb.com/?ctiid.348270 Permissions Required VDB Entry
- https://vuldb.com/?id.348270 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.761303 Third Party Advisory VDB Entry
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026