CVE-2026-2887

Exploit

EPSS 0.18%
Veröffentlicht 21.02.2026 21:02:16
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

aardappel lobster idents.h TypeName recursion

A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. Upgrading to version 2026.1 will fix this issue. The name of the patch is 8ba49f98ccfc9734ef352146806433a41d9f9aa6. It is advisable to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 12

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Strlen ≫ Lobster Version < 2026.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.076

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com	1.9	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://github.com/aardappel/lobster/

Product

https://vuldb.com/?id.347181

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.347181

VDB Entry

Permissions Required

https://vuldb.com/?submit.755026

Third Party Advisory

VDB Entry

https://github.com/aardappel/lobster/issues/397

Vendor Advisory

Exploit

Issue Tracking

https://github.com/aardappel/lobster/issues/397#issuecomment-3849015088

Vendor Advisory

Exploit

Issue Tracking

https://github.com/oneafter/0204/blob/main/lob3/repro.lobster

Third Party Advisory

https://github.com/aardappel/lobster/commit/8ba49f98ccfc9734ef352146806433a41d9f9aa6

Patch

https://github.com/aardappel/lobster/releases/tag/v2026.1

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-2887

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2887

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2887

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-2887