关键信息 CVE Identifier: CVE-2026-3390 Vulnerability Type: Out-of-Bounds Read (CWE-125) Affected Product: FascinatedBox lily up to version 2.3 Component: Error Reporting, specifically in CVSS Score: 3.0 Exploit Price: $0-$5k CTI Interest Score: 6.36 Summary A problematic vulnerability was identified in . The issue occurs in the function due to out-of-bounds manipulation, making it possible for local attackers to exploit the vulnerability. Details The vulnerability is caused by the app reading data past the end of the intended buffer, leading to availability impact. An exploit exists and is easy to use, with local access required. The exploit is shared via GitHub. The issue is classified as CWE-125 (Out-of-Bounds Read).