CVE-2026-2656

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
References
Link Resource
https://github.com/ChaiScript/ChaiScript/ Product
https://github.com/ChaiScript/ChaiScript/issues/636 Exploit Vendor Advisory Issue Tracking
https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582 Exploit Vendor Advisory Issue Tracking
https://vuldb.com/?ctiid.346454 Third Party Advisory VDB Entry
https://vuldb.com/?id.346454 Third Party Advisory VDB Entry
https://vuldb.com/?submit.752790 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:chaiscript:chaiscript:*:*:*:*:*:*:*:*

History

19 Feb 2026, 17:22

Type Values Removed Values Added
First Time Chaiscript
Chaiscript chaiscript
CPE cpe:2.3:a:chaiscript:chaiscript:*:*:*:*:*:*:*:*
References () https://github.com/ChaiScript/ChaiScript/ - () https://github.com/ChaiScript/ChaiScript/ - Product
References () https://github.com/ChaiScript/ChaiScript/issues/636 - () https://github.com/ChaiScript/ChaiScript/issues/636 - Exploit, Vendor Advisory, Issue Tracking
References () https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582 - () https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582 - Exploit, Vendor Advisory, Issue Tracking
References () https://vuldb.com/?ctiid.346454 - () https://vuldb.com/?ctiid.346454 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.346454 - () https://vuldb.com/?id.346454 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.752790 - () https://vuldb.com/?submit.752790 - Third Party Advisory, VDB Entry

18 Feb 2026, 15:18

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-18 15:18

Updated : 2026-02-19 17:22


NVD link : CVE-2026-2656

Mitre link : CVE-2026-2656

CVE.ORG link : CVE-2026-2656


JSON object : View

Products Affected

chaiscript

  • chaiscript
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-416

Use After Free