CVE-2026-2887
aardappel lobster idents.h TypeName recursion
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
0th
A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. Upgrading to version 2026.1 will fix this issue. The name of the patch is 8ba49f98ccfc9734ef352146806433a41d9f9aa6. It is advisable to upgrade the affected component.
| CWE | CWE-674 CWE-404 |
| Vendor | aardappel |
| Product | lobster |
| Published | Feb 21, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for aardappel lobster
Be the first to know when new low vulnerabilities affecting aardappel lobster are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
aardappel / lobster
2025.0 2025.1 2025.2 2025.3 2025.4
References
vuldb.com: https://vuldb.com/?id.347181 vuldb.com: https://vuldb.com/?ctiid.347181 vuldb.com: https://vuldb.com/?submit.755026 github.com: https://github.com/aardappel/lobster/issues/397 github.com: https://github.com/aardappel/lobster/issues/397#issuecomment-3849015088 github.com: https://github.com/oneafter/0204/blob/main/lob3/repro.lobster github.com: https://github.com/aardappel/lobster/commit/8ba49f98ccfc9734ef352146806433a41d9f9aa6 github.com: https://github.com/aardappel/lobster/releases/tag/v2026.1 github.com: https://github.com/aardappel/lobster/
Credits
๐ Oneafter (VulDB User)