CVE-2026-3391

Name of the Vulnerable Software and Affected Versions FascinatedBox lily versions prior to 2.3

Description A security flaw exists in FascinatedBox lily, potentially leading to an out-of-bounds read. The issue resides within the clear storages function located in the src/lily emitter.c file. Exploitation requires local access. The exploit code has been publicly released, increasing the risk of attacks. The project maintainers were notified of the issue but have not yet responded.

Recommendations Update to a version of FascinatedBox lily later than 2.3. As a temporary workaround, consider restricting local access to the affected file src/lily emitter.c until a patch is available.