Medium severity5.3NVD Advisory· Published May 11, 2026· Updated May 13, 2026

CVE-2026-8258

Description

A flaw has been found in Squirrel up to 3.2. Impacted is the function validate_format in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

Albertodemichelis/Squirrelreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/albertodemichelis/squirrel/issues/325nvd
github.com/biniamf/pocs/tree/main/squirrel-validate_format-memcpy-oobnvd
vuldb.com/submit/809873nvd
vuldb.com/vuln/362555nvd
vuldb.com/vuln/362555/ctinvd

News mentions

Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber
Dark Reading · Apr 30, 2026
Great responsibility, without great power
Cisco Talos Intelligence · Apr 30, 2026

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000