CVE-2026-2655

ChaiScript chaiscript_defines.hpp operator use after free

Description

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

INFO

Published Date :

2026-02-18T14:02:06.141Z

Last Modified :

2026-02-23T10:17:43.776Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2026-2655 vulnerability.

Vendors	Products
Chaiscript	Chaiscript

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2655.

URL	Resource
https://github.com/ChaiScript/ChaiScript/
https://github.com/ChaiScript/ChaiScript/issues/632
https://github.com/ChaiScript/ChaiScript/issues/632#issue-3827824936
https://vuldb.com/?ctiid.346453
https://vuldb.com/?id.346453
https://vuldb.com/?submit.752788

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact