radare

Top products

The 15 most recently published vulnerabilities affecting radare.

• CVE-2026-8696radare2 6.1.5 Use-After-Free via gdbr_pids_list()7.5May 15, 2026
• CVE-2026-8695radare2 6.1.5 Use-After-Free via gdbr_threads_list()7.5May 15, 2026
• CVE-2026-6942radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass9.8Apr 23, 2026
• CVE-2026-6941radare2 < 6.1.4 Project Notes Path Traversal via Symlink6.6Apr 23, 2026
• CVE-2026-6940radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion7.1Apr 23, 2026
• CVE-2026-40517radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names7.8Apr 22, 2026
• CVE-2026-40527radare2 Command Injection via DWARF Parameter Names7.8Apr 17, 2026
• CVE-2026-41015radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a relea...7.4Apr 16, 2026
• CVE-2026-40499radare2 < 6.1.4 Command Injection via PDB Parser print_gvars()7.8Apr 15, 2026
• CVE-2025-63745A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a de...5.5Nov 14, 2025
• CVE-2025-63744A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and cras...4.3Nov 14, 2025
• CVE-2025-60361radare2 v5.9.8 and before contains a memory leak in the function bochs_open.3.3Oct 17, 2025
• CVE-2025-60360radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.5.5Oct 17, 2025
• CVE-2025-60359radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.5.5Oct 17, 2025
• CVE-2025-60358radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.5.5Oct 16, 2025