Radareorg Radare2
9 CVEs affecting Radareorg Radare2. Latest disclosed: 2026-04-23. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6942 | Critical | 9.8 | 2026-04-23 | radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing th… |
CVE-2026-40517 | High | 7.8 | 2026-04-22 | radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary command… |
CVE-2026-40527 | High | 7.8 | 2026-04-17 | radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 com… |
CVE-2026-40499 | High | 7.8 | 2026-04-15 | radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary… |
CVE-2020-15121 | High | 7.4 | 2020-07-20 | In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the execut… |
CVE-2026-6940 | High | 7.1 | 2026-04-23 | radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by s… |
CVE-2026-6941 | Medium | 6.6 | 2026-04-23 | radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configure… |
CVE-2025-1864 | | 2025-03-03 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2… | |
CVE-2025-1744 | | 2025-02-28 | Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9. |