CVE-2026-3392 | FascinatedBox lily up to 2.3 src/lily_emitter.c eval_tree null pointer dereference (Issue 384)

Inserito da Angelo Barbosa | Feb 28, 2026 | CVE

A vulnerability classified as problematic has been found in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference.

This vulnerability is tracked as CVE-2026-3392. The attack is restricted to local execution. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-3392 | FascinatedBox lily up to 2.3 src/lily_emitter.c eval_tree null pointer dereference (Issue 384)

Post correlati

CVE-2025-22388 | Optimizely EPiServer.CMS.Core up to 12.21.x cross site scripting

CVE-2025-24009 | Siemens SIRIUS Safety Relays 3SK2 permission assignment (ssa-222768)

CVE-2024-25354 | domain-suffix 1.0.8 parse redos

CVE-2024-0588 | Paid Memberships Pro Plugin up to 2.12.10 on WordPress cross-site request forgery