Vulnerability Description
A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and may be used. This patch is called c2047a33e1ac2c42ab7e8704b33f7ea518a11ffd. It is advisable to implement a patch to correct this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Strlen | Lobster | <= 2025.4 |
Related Weaknesses (CWE)
References
- https://github.com/aardappel/lobster/Product
- https://github.com/aardappel/lobster/commit/c2047a33e1ac2c42ab7e8704b33f7ea518a1Patch
- https://github.com/aardappel/lobster/issues/395PatchVendor Advisory
- https://github.com/aardappel/lobster/issues/395#issuecomment-3849012938PatchVendor Advisory
- https://github.com/oneafter/0204/blob/main/lob1/repro.lobsterProduct
- https://vuldb.com/?ctiid.345005Permissions RequiredVDB Entry
- https://vuldb.com/?id.345005Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.753167ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2026-2258?
CVE-2026-2258 is a vulnerability with a CVSS score of 3.3 (LOW). A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to ...
How severe is CVE-2026-2258?
CVE-2026-2258 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2258?
Check the references section above for vendor advisories and patch information. Affected products include: Strlen Lobster.