CVE-2026-2903

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions re2c versions up to 4.4

Description A flaw exists in re2c that can lead to a null pointer dereference. The issue is located in the check and merge special rules function within the src/parse/ast.cc file. This manipulation can be exploited locally. An exploit has been published and may be used.

Recommendations Install the patch febeb977936f9519a25d9fbd10ff8256358cdb97 to address this issue.

Exploit

Fix

NULL Pointer Dereference

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-404

Related Identifiers

AZL-78270

AZL-78273

CVE-2026-2903

ECHO-3D92-841B-34E6

Affected Products

Re2C

CVE-2026-2903

Weakness Enumeration

Related Identifiers

Affected Products

References · 24