CVE-2026-2259
aardappel lobster Parsing parser.h ParseStatements memory corruption
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2f45fe860d00990e79e13250251c1dde633f1f89. Applying a patch is the recommended action to fix this issue.
| CWE | CWE-119 |
| Vendor | aardappel |
| Product | lobster |
| Published | Feb 10, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for aardappel lobster
Be the first to know when new low vulnerabilities affecting aardappel lobster are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
aardappel / lobster
2025.0 2025.1 2025.2 2025.3 2025.4
References
vuldb.com: https://vuldb.com/?id.345006 vuldb.com: https://vuldb.com/?ctiid.345006 vuldb.com: https://vuldb.com/?submit.753168 github.com: https://github.com/aardappel/lobster/issues/396 github.com: https://github.com/aardappel/lobster/issues/396#issuecomment-3849019040 github.com: https://github.com/oneafter/0204/blob/main/lob2/repro.lobster github.com: https://github.com/aardappel/lobster/commit/2f45fe860d00990e79e13250251c1dde633f1f89 github.com: https://github.com/aardappel/lobster/
Credits
๐ Oneafter (VulDB User)