VIR Vulnerability Intelligence Relay

CVE-2026-2655

low
Published 2026-02-18 · Modified 2026-04-29
CVSS v3
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS v2
1.0
VIR risk
2.5

Description

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Predictions

Exploit likelihood
27%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/ChaiScript/ChaiScript/issues/632#issue-3827824936

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/ChaiScript/ChaiScript/issues/632

Application impact
VendorProductVersionsFixed
chaiscriptchaiscript{"endIncluding":"6.1.0"}

References

CWEs

CWE-119 CWE-416

Verify integrity in audit chain (admin only). AS-IS.