CVE-2026-3389 PUBLISHED

A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

• Oneafter (VulDB User) reporter

• VDB-348275 | Squirrel sqstdrex.cpp sqstd_rex_newnode null pointer dereference
• VDB-348275 | CTI Indicators (IOB, IOC, IOA)
• Submit #761315 | albertodemichelis squirrel master-branch NULL Pointer Dereference
• https://github.com/albertodemichelis/squirrel/issues/314
• https://github.com/oneafter/0122/blob/main/i314/repro

• NULL Pointer Dereference CWE
• Denial of Service CWE