CVE-2026-2659
Received Received - Intake
Out-of-Bounds Read in Squirrel SQFuncState::PopTarget Function

Publication date: 2026-02-18

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument _target_stack can lead to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2659
EUVD
EUVD-2026-7643
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
squirrel-lang squirrel to 3.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2659 is a heap-buffer underflow vulnerability in the Squirrel programming language up to version 3.2. It occurs in the function SQFuncState::PopTarget located in the source file sqfuncstate.cpp. The vulnerability arises because the function attempts to access the last element of an internal stack (_target_stack) without checking if the stack is empty. When the stack is empty, this leads to an out-of-bounds read (reading memory before the allocated buffer), classified as CWE-125.

This issue happens during the parsing of complex expressions involving binary or logical operations, such as those found in for loops. The improper bounds checking causes the function to read invalid memory, potentially leading to crashes or undefined behavior in the compiler.

Exploitation requires local access, and a proof-of-concept exploit is publicly available. Despite early notification, the Squirrel project has not yet addressed or mitigated this vulnerability.

Impact Analysis

This vulnerability primarily impacts the availability of the affected system by causing crashes or undefined behavior in the Squirrel compiler when processing certain complex expressions.

Since the vulnerability involves an out-of-bounds read leading to a heap-buffer underflow, it can cause the compiler to crash or behave unpredictably, potentially disrupting development or runtime environments that rely on Squirrel scripts.

Exploitation requires local access, so an attacker would need to have some level of privilege on the host system to trigger the issue.

No known mitigations or official fixes exist, so affected users are advised to consider alternative products or avoid using vulnerable versions of Squirrel.

Compliance Impact

I don't know

Detection Guidance

This vulnerability affects the Squirrel programming language compiler up to version 3.2, specifically in the function SQFuncState::PopTarget. Detection involves identifying if the vulnerable version of Squirrel is present and potentially triggering the vulnerability by compiling complex expressions involving binary or logical operations inside statements such as for loops.

Since the exploit requires local access and triggers an out-of-bounds read causing a crash, one detection method is to run the provided proof-of-concept exploit or test files with AddressSanitizer (ASAN) enabled to observe heap-buffer-overflow errors.

Suggested commands include building Squirrel with ASAN enabled and running the crashing test file from the public exploit repository to detect the vulnerability by observing ASAN reports.

  • Build Squirrel with ASAN enabled (e.g., using compiler flags like -fsanitize=address).
  • Run the provided crashing test file from the public exploit repository to trigger the vulnerability.
  • Monitor for ASAN error reports indicating an 8-byte out-of-bounds read in SQFuncState::PopTarget.
Mitigation Strategies

There are no official patches or countermeasures provided by the Squirrel project as of the disclosure date.

Immediate mitigation steps include restricting local access to systems running vulnerable versions of Squirrel up to 3.2 to prevent exploitation.

Consider avoiding the use of the vulnerable Squirrel compiler version and evaluate alternative products or versions not affected by this vulnerability.

Monitor for updates or patches from the Squirrel project or community that address this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2659. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart