CVE-2026-2258
Undergoing Analysis Undergoing Analysis - In Progress
Memory Corruption in Aardappel Lobster WaveFunctionCollapse Function

Publication date: 2026-02-10

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and may be used. This patch is called c2047a33e1ac2c42ab7e8704b33f7ea518a11ffd. It is advisable to implement a patch to correct this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2258
EUVD
EUVD-2026-6469
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
strlen lobster to 2025.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a flaw found in the aardappel lobster software up to version 2025.4, specifically in the WaveFunctionCollapse function within the dev/src/lobster/wfc.h library. It allows an attacker to perform a local manipulation that can lead to memory corruption.

The exploit for this vulnerability has been published, meaning it is publicly known and can be used by attackers. A patch identified as c2047a33e1ac2c42ab7e8704b33f7ea518a11ffd is available to fix this issue.

Impact Analysis

This vulnerability can lead to memory corruption if exploited locally. Memory corruption can cause the affected software to behave unpredictably, potentially leading to crashes or other unintended behavior.

However, the vulnerability requires local access to be exploited, which limits the attack surface. The CVSS scores indicate a low to moderate impact, with no confidentiality or integrity loss, but some impact on availability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, it is advisable to implement the patch identified as c2047a33e1ac2c42ab7e8704b33f7ea518a11ffd which corrects the issue in the WaveFunctionCollapse function of the aardappel lobster library.

Since the attack can only be executed locally, limiting local access to trusted users and systems can also help reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2258. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart