CVE-2026-2655
low-risk
Published 2026-02-18
A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Do I need to act?
-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.5/10
Low
LOCAL
/ HIGH complexity
Affected Products (1)
Chaiscript
Affected Vendors
References (7)
Vendor Advisory
https://github.com/ChaiScript/ChaiScript/issues/632
Third Party Advisory
https://vuldb.com/?ctiid.346453
Third Party Advisory
https://vuldb.com/?id.346453
Third Party Advisory
https://vuldb.com/?submit.752788
Vendor Advisory
https://github.com/ChaiScript/ChaiScript/issues/632
11
/ 100
low-risk
Severity
6/34 · Minimal
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal