CVE-2026-9541
Analyzed Analyzed - Analysis Complete
Heap-based Buffer Overflow in Squirrel

Publication date: 2026-05-26

Last updated on: 2026-05-27

Assigner: VulDB

Description
A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-27
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-9541
EUVD
EUVD-2026-31813
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
squirrel-lang squirrel to 3.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9541 is a heap-based buffer overflow vulnerability in the Squirrel scripting language, specifically in the ReadObject function of the sqobject.cpp file. The issue occurs when a malicious .cnut bytecode file contains a negative string length for an OT_STRING type. The ReadObject function reads this signed length without validating it, leading to improper memory handling.

Because the negative length bypasses buffer resizing checks, the subsequent fread call interprets the negative value as a very large unsigned number, causing it to write more data than the allocated buffer can hold. This results in a heap buffer overflow and potential memory corruption.

Impact Analysis

This vulnerability can be exploited by an attacker with local access who can load a crafted malicious .cnut bytecode file into an application using the vulnerable Squirrel scripting language functions like sqstd_loadfile or sq_readclosure.

Exploitation may lead to arbitrary code execution, allowing the attacker to run malicious code within the context of the vulnerable application. This can compromise the integrity and security of the affected system.

Detection Guidance

This vulnerability can be detected by identifying if your system or application loads untrusted .cnut bytecode files using the Squirrel scripting language functions such as sqstd_loadfile or sq_readclosure.

Since the vulnerability involves a heap-based buffer overflow triggered by a crafted .cnut file with a negative string length, detection involves monitoring or scanning for suspicious or malformed .cnut files being loaded locally.

There is a public proof-of-concept (PoC) exploit available that demonstrates the heap out-of-bounds read, which can be used to test if your system is vulnerable.

Suggested commands include running the PoC code from the GitHub repository to test your environment, or using file integrity monitoring to detect unexpected or suspicious .cnut files.

Mitigation Strategies

Immediate mitigation steps include preventing the loading of untrusted or malicious .cnut bytecode files by restricting local access to the Squirrel environment and validating all input files before processing.

Since the vulnerability arises from the ReadObject function not validating negative string lengths, applying a patch or update that adds this validation is recommended once available.

Until an official fix is released, avoid running or loading .cnut files from untrusted sources and monitor for any suspicious activity related to the Squirrel scripting environment.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9541. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart