CVE-2026-2903

ADVISORY - nist

Summary

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue.

EPSS Score⁠: 0.00014 (0.026)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-404⁠

Improper Resource Shutdown or Release

CWE-476⁠

NULL Pointer Dereference

ADVISORY - redhat

CWE-476⁠

NULL Pointer Dereference

Impacted images

Advisories

NIST

CREATED

21 days ago

UPDATED

19 days ago

ADVISORY IDCVE-2026-2903⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-404⁠CWE-476⁠

CVSS SCORE

4.8medium

Debian

CREATED

20 days ago

UPDATED

20 days ago

ADVISORY IDCVE-2026-2903⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

19 days ago

UPDATED

17 days ago

ADVISORY IDCVE-2026-2903⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Red Hat

CREATED

21 days ago

UPDATED

19 days ago

ADVISORY IDCVE-2026-2903⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

3.3low