CVE-2026-3392 | FascinatedBox lily up to 2.3 src/lily_emitter.c eval_tree null pointer dereference (Issue 384)

A vulnerability classified as problematic has been found in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference.

This vulnerability is tracked as CVE-2026-3392. The attack is restricted to local execution. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More