CVE-2026-2016

low-risk

Published 2026-02-06

A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Libfastcommon

Affected Vendors

Happyfish100

References (8)

Product https://github.com/happyfish100/libfastcommon/

Patch https://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0c3891...

Exploit https://github.com/happyfish100/libfastcommon/issues/55

Exploit https://github.com/happyfish100/libfastcommon/issues/55#issue-3836362577

Exploit https://github.com/happyfish100/libfastcommon/issues/55#issuecomment-3776757848

Permissions Required https://vuldb.com/?ctiid.344598

Third Party Advisory https://vuldb.com/?id.344598

Third Party Advisory https://vuldb.com/?submit.743873

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal