Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
CVE-2026-8695: radare2: Remote attackers can crash or take control of radare2
CVE-2026-8695
Summary
The radare2 debugging tool has a security flaw that can be exploited by attackers using a remote debugging feature. This flaw can cause radare2 to crash or allow attackers to take control of the system. To protect yourself, make sure you're running the latest version of radare2 and use secure remote debugging practices.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| radare | radare2 |
<= 6.1.4 cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:* |
Original title
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed...
Original description
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote debugging to cause a denial of service or potentially achieve code execution by manipulating thread list processing.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-416
Use After Free
Published: 15 May 2026 · Updated: 30 May 2026 · First seen: 15 May 2026