CRITICALCVE-2026-24821Published 2026-01-27Modified 2026-01-27CNA GovTech CSG

CVE-2026-24821: A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.

Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files lparser.C. This issue affects WickedEngine: through 0.71.727.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

turanszkij / WickedEngine
≤ 0.71.727

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:H/SI:N/SA:H/S:N/AU:Y/R:U/V:D/RE:M/U:Amber

References

github.com

Metrics