7.4

Old versions of radare2 on some Unix systems may allow hackers to execute commands

CVE-2026-41015
Summary

radare2, a debugging tool, is vulnerable to OS command injection in builds from before commit 9236f44 that were configured on UNIX without SSL. A PDB name passed to rabin2 -PP can be used to inject commands. Update to the latest version of radare2 to fix this issue.

Original title
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a relea...
Original description
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1.3.
NVD CVSS 3.1: 7.4
Vulnerability type
CWE-78 OS Command Injection
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026