Skip to main content

radare2 CVE-2026-14787

| EUVDEUVD-2026-41797 LOW
Integer Overflow or Wraparound (CWE-190)
2026-07-06 VulDB GHSA-4m93-7925-jv2p
1.9
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.3 LOW

Local execution with low privileges triggers the integer overflow; impact is limited to a radare2 process crash with no confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 06, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
Jul 06, 2026 - 02:22 NVD
4.8 (MEDIUM) 1.9 (LOW)
Analysis Generated
Jul 06, 2026 - 02:13 vuln.today

DescriptionCVE.org

A weakness has been identified in radareorg radare2 up to 6.1.6. Affected is the function cmd_print in the library libr/core/cmd_print.inc of the component pb Print Command Handler. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: 2b6265476c75567006b0fcbb749f4ae7b189c5df. It is recommended to apply a patch to fix this issue.

AnalysisAI

Integer overflow in radare2's pb Print Command Handler affects all versions through 6.1.6, exploitable locally by a low-privileged user to crash the radare2 process. The flaw resides in the cmd_print function within libr/core/cmd_print.inc and results in availability impact only - no confidentiality or integrity loss is indicated. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local access to system running radare2
Delivery
Craft malformed input targeting pb command
Exploit
Invoke pb command within radare2 session
Execution
Trigger integer overflow in cmd_print function
Impact
Crash radare2 process (denial of service)

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to a system where radare2 is installed and the ability to execute it with low privileges (e.g., a standard user account). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 4.8 with vector AV:L/AC:L/AT:N/PR:L/UI:N reflects realistic risk: local access and low privileges are required, and impact is limited to VA:L (low availability on the vulnerable system only) with no confidentiality or integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local low-privileged user, or a crafted binary designed to elicit specific analysis commands, supplies malformed input to radare2's pb print command within an interactive session or automated analysis script. The crafted input triggers an integer overflow in the cmd_print function, corrupting internal state and causing radare2 to crash. …
Remediation Apply the upstream patch commit 2b6265476c75567006b0fcbb749f4ae7b189c5df, available at https://github.com/phix33/radare2/commit/2b6265476c75567006b0fcbb749f4ae7b189c5df. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-46570 CRITICAL POC
9.8 Oct 28

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h

CVE-2023-46569 CRITICAL POC
9.8 Oct 28

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-d

CVE-2023-4322 CRITICAL POC
9.8 Aug 14

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated critical severity (CVSS 9.8), th

CVE-2026-6942 CRITICAL POC
9.3 Apr 23

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to exe

CVE-2022-1899 CRITICAL POC
9.1 May 26

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. Rated critical severity (CVSS 9.1), this vulne

CVE-2022-1297 CRITICAL POC
9.1 Apr 11

Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated cri

CVE-2022-1296 CRITICAL POC
9.1 Apr 11

Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated critic

CVE-2023-5686 HIGH POC
8.8 Oct 20

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated high severity (CVSS 8.8), this v

CVE-2026-40499 HIGH POC
8.4 Apr 15

Command injection in radare2's PDB parser (versions <6.1.4) enables arbitrary command execution when analysts process ma

CVE-2017-16357 HIGH POC
7.8 Nov 01

In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_ve

CVE-2017-15932 HIGH POC
7.8 Oct 27

In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo

CVE-2017-15931 HIGH POC
7.8 Oct 27

In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo

Share

CVE-2026-14787 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy