CVE-2026-3384

LOW 3.3

ChaiScript chaiscript_eval.hpp Function_Push_Pop recursion

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-674 CWE-404
Vendor	n/a
Product	chaiscript
Published	Mar 1, 2026
Last Updated	Mar 2, 2026

Stay Ahead of the Next One

Get instant alerts for n/a chaiscript

Be the first to know when new low vulnerabilities affecting n/a chaiscript are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / ChaiScript

6.0 6.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.348270 vuldb.com: https://vuldb.com/?ctiid.348270 vuldb.com: https://vuldb.com/?submit.761303 github.com: https://github.com/ChaiScript/ChaiScript/issues/633 github.com: https://github.com/ChaiScript/ChaiScript/issues/633#issue-3828176056 github.com: https://github.com/ChaiScript/ChaiScript/

Credits

🔍 Oneafter (VulDB User)