4.8
Squirrel up to 3.2: Out-of-bounds read in Squirrel function
CVE-2026-2659
Summary
A security flaw in Squirrel, a scripting engine, allows an attacker to access sensitive information on a local machine. It is an out-of-bounds read in the function SQFuncState::PopTarget, triggered by manipulating the _target_stack argument. To protect your system, update to the latest version of Squirrel as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| squirrel-lang | squirrel | <= 3.2 | – |
Original title
A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulati...
Original description
A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument _target_stack can lead to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
- NVD CVSS 2.0: 1.7
- NVD CVSS 3.1: 7.8
- NVD CVSS 4.0: 4.8
Vulnerability type
- CWE-119: Buffer Overflow
- CWE-125: Out-of-bounds Read
References
- https://github.com/albertodemichelis/squirrel/issues/311 (Exploit, Issue Tracking)
- https://github.com/oneafter/0122/blob/main/i311/repro (Exploit)
- https://vuldb.com/?ctiid.346457 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.346457 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.753163 (Third Party Advisory, VDB Entry)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026