CVE-2026-2656 - Vulnerability Details

- ChaiScript type_info.hpp bare_equal use after free

Description

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-02-18

Score: 2 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A use‑after‑free flaw has been exposed in the bare_equal function of ChaiScript's type_info.hpp. The vulnerability arises when a previously freed memory block is accessed again, which is a use after free weakness (CWE‑416) and an improper memory access (CWE‑119). This could allow an attacker to corrupt data or cause a crash. The issue is localized to the internal implementation of type comparisons and is not tied to external inputs.

Affected Systems

All installations of ChaiScript up to and including version 6.1.0 are affected. The defect is present in the core library shipped with these releases and applies to any project that directly or indirectly uses the bare_equal routine.

Risk and Exploitability

Exploitation is limited to local users and demands significant effort: the attack requires local access, has a high complexity rating, and is deemed difficult to exploit. The CVSS score of 2 indicates low severity, and the EPSS score of less than 1% reflects very low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog, further underscoring its low immediate threat but still warranting remediation. If successful, the exploit could lead to arbitrary memory corruption or process termination, potentially elevating local privileges within the affected environment.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

ChaiScript

affected

Version	Status	Constraints
`6.0`	affected	—
`6.1.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:chaiscript:chaiscript:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Chaiscript

80%

Version	Status	Scheme	Platform
`6.0`	affected	generic	—
`6.1.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade ChaiScript to a version released after 6.1.0 once a fix is available.
If an upgrade cannot be performed promptly, restrict local access to trusted personnel to minimize exploitation opportunities.
Modify or remove any code paths that invoke the bare_equal function until a vendor patch is issued.

Generated by OpenCVE AI on April 18, 2026 at 11:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/ChaiScript/ChaiScript/
https://github.com/ChaiScript/ChaiScript/issues/636
https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582
https://vuldb.com/?ctiid.346454
https://vuldb.com/?id.346454
https://vuldb.com/?submit.752790

History

Thu, 19 Feb 2026 17:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:chaiscript:chaiscript::::::::

Thu, 19 Feb 2026 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Chaiscript Chaiscript chaiscript
Vendors & Products		Chaiscript Chaiscript chaiscript

Wed, 18 Feb 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title		ChaiScript type_info.hpp bare_equal use after free
Weaknesses		CWE-119 CWE-416
References		https://github.com/ChaiScript/ChaiScript/ https://github.com/ChaiScript/ChaiScript/issues/636 https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582 https://vuldb.com/?ctiid.346454 https://vuldb.com/?id.346454 https://vuldb.com/?submit.752790
Metrics		cvssV2_0 `{'score': 1, 'vector': 'AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 2.5, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 2.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Chaiscript Chaiscript

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-18T14:32:07.335Z

Updated: 2026-02-23T10:17:55.215Z

Reserved: 2026-02-18T06:43:23.403Z

Link: CVE-2026-2656

Vulnrichment

Updated: 2026-02-18T15:10:59.583Z

NVD

Status : Analyzed

Published: 2026-02-18T15:18:44.743

Modified: 2026-02-19T17:22:19.880

Link: CVE-2026-2656

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T12:00:05Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object