Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Squirrel up to 3.2 allows uncontrolled recursion
CVE-2026-3388
Summary
A security issue in Squirrel, a scripting language, can cause a program to crash or behave unexpectedly. This affects any software that uses Squirrel version 3.2 or earlier. We recommend updating to a fixed version of Squirrel to prevent this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| squirrel-lang | squirrel | <= 3.2 | – |
Original title
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrol...
Original description
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
1.7
nvd CVSS3.1
5.5
nvd CVSS4.0
4.8
Vulnerability type
CWE-404
CWE-674
- https://github.com/albertodemichelis/squirrel/issues/312 Exploit Issue Tracking Vendor Advisory
- https://github.com/oneafter/0122/blob/main/i312/repro Exploit
- https://vuldb.com/?ctiid.348274 Permissions Required VDB Entry
- https://vuldb.com/?id.348274 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.761314 Third Party Advisory VDB Entry
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026