Skip to main content

radare2 CVE-2026-14786

| EUVDEUVD-2026-41796 LOW
Integer Overflow or Wraparound (CWE-190)
2026-07-06 VulDB GHSA-2hgc-c8xq-92w3
1.9
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.3 LOW

Local-only access with low privileges required; impact is limited to crashing the radare2 process with no confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jul 06, 2026 - 01:26 vuln.today
Severity Changed
Jul 06, 2026 - 01:22 NVD
MEDIUM LOW
CVSS changed
Jul 06, 2026 - 01:22 NVD
4.8 (MEDIUM) 1.9 (LOW)

DescriptionCVE.org

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This impacts the function r_str_word_get0set of the file libr/util/str.c. The manipulation results in integer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 11ac224c0eb8d57830fccc99e1c1cd8e5d958813. It is best practice to apply a patch to resolve this issue.

AnalysisAI

Integer overflow in radare2's r_str_word_get0set function (libr/util/str.c) allows a local low-privileged attacker to crash the application on versions up to 6.1.6. The CWE-190 integer wraparound can produce a buffer overflow condition, degrading availability of the radare2 analysis session. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privilege user access
Delivery
Execute radare2 with crafted string input
Exploit
Trigger integer wraparound in r_str_word_get0set
Execution
Cause buffer overflow condition
Impact
Crash radare2 process

Vulnerability AssessmentAI

Exploitation The attacker must have local system access with at minimum a low-privilege user account (PR:L per CVSS 4.0). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N) scores 1.9, signaling genuinely low risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with a standard unprivileged account on a system where radare2 is installed crafts a malformed input designed to trigger integer wraparound in `r_str_word_get0set`, causing an undersized buffer allocation and subsequent memory corruption that crashes the radare2 process. A public proof-of-concept demonstrating this crash is available via the GitHub issue at https://github.com/radareorg/radare2/issues/26047. …
Remediation Apply upstream fix commit 11ac224c0eb8d57830fccc99e1c1cd8e5d958813 from the radare2 GitHub repository (https://github.com/radareorg/radare2/commit/11ac224c0eb8d57830fccc99e1c1cd8e5d958813). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-46570 CRITICAL POC
9.8 Oct 28

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h

CVE-2023-46569 CRITICAL POC
9.8 Oct 28

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-d

CVE-2023-4322 CRITICAL POC
9.8 Aug 14

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated critical severity (CVSS 9.8), th

CVE-2026-6942 CRITICAL POC
9.3 Apr 23

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to exe

CVE-2022-1899 CRITICAL POC
9.1 May 26

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. Rated critical severity (CVSS 9.1), this vulne

CVE-2022-1297 CRITICAL POC
9.1 Apr 11

Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated cri

CVE-2022-1296 CRITICAL POC
9.1 Apr 11

Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated critic

CVE-2023-5686 HIGH POC
8.8 Oct 20

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated high severity (CVSS 8.8), this v

CVE-2026-40499 HIGH POC
8.4 Apr 15

Command injection in radare2's PDB parser (versions <6.1.4) enables arbitrary command execution when analysts process ma

CVE-2017-16357 HIGH POC
7.8 Nov 01

In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_ve

CVE-2017-15932 HIGH POC
7.8 Oct 27

In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo

CVE-2017-15931 HIGH POC
7.8 Oct 27

In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo

Share

CVE-2026-14786 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy