CVE-2026-9541

5.3 MEDIUM

Published: May 26, 2026 Modified: May 27, 2026

Description

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/albertodemichelis/squirrel/issues/327

Source: cna@vuldb.com

Exploit Issue Tracking Mitigation Patch

https://github.com/biniamf/pocs/tree/main/squirrel-sqobject-readobject-neg-len-oob

Source: cna@vuldb.com

Exploit

https://vuldb.com/submit/814826

Source: cna@vuldb.com

Third Party Advisory VDB Entry Exploit

https://vuldb.com/vuln/365602

Source: cna@vuldb.com

Third Party Advisory VDB Entry

https://vuldb.com/vuln/365602/cti

Source: cna@vuldb.com

Permissions Required VDB Entry

https://github.com/albertodemichelis/squirrel/issues/327

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit Issue Tracking Mitigation Patch

6 reference(s) from NVD

Quick Stats

CVSS v3 Score

5.3 / 10.0

EPSS (Exploit Probability)

0.1%

3th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-119 CWE-122

Affected Vendors

squirrel-lang

Related CVEs

CVE-2026-48777 N/A

CVE-2026-47750 7.8

CVE-2026-47747 7.8

CVE-2026-46448 5.4

CVE-2026-22313 9.1