CVE-2026-2656

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS v3 2.5 LOW
CVSS v2.0 1.0 LOW

2.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.0^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:S/C:N/I:N/A:P

Exploitability : 1.5 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/ChaiScript/ChaiScript/	Product
https://github.com/ChaiScript/ChaiScript/issues/636	Exploit Vendor Advisory Issue Tracking
https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582	Exploit Vendor Advisory Issue Tracking
https://vuldb.com/?ctiid.346454	Third Party Advisory VDB Entry
https://vuldb.com/?id.346454	Third Party Advisory VDB Entry
https://vuldb.com/?submit.752790	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:chaiscript:chaiscript:*:*:*:*:*:*:*:*

History

19 Feb 2026, 17:22

Type	Values Removed	Values Added
First Time		Chaiscript Chaiscript chaiscript
CPE		cpe:2.3:a:chaiscript:chaiscript::::::::
References	~~() https://github.com/ChaiScript/ChaiScript/ -~~	() https://github.com/ChaiScript/ChaiScript/ - Product
References	~~() https://github.com/ChaiScript/ChaiScript/issues/636 -~~	() https://github.com/ChaiScript/ChaiScript/issues/636 - Exploit, Vendor Advisory, Issue Tracking
References	~~() https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582 -~~	() https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582 - Exploit, Vendor Advisory, Issue Tracking
References	~~() https://vuldb.com/?ctiid.346454 -~~	() https://vuldb.com/?ctiid.346454 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?id.346454 -~~	() https://vuldb.com/?id.346454 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.752790 -~~	() https://vuldb.com/?submit.752790 - Third Party Advisory, VDB Entry

18 Feb 2026, 15:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-18 15:18

Updated : 2026-02-19 17:22

NVD link : CVE-2026-2656

Mitre link : CVE-2026-2656

CVE.ORG link : CVE-2026-2656

JSON object : View

Products Affected

chaiscript

chaiscript

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-416

Use After Free

2.5 /10

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.0 /10

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2026-2656

2.5^/10

1.0^/10

Attach tags to `CVE-2026-2656`