8.7

CVE-2026-8696: radare2 6.1.5: Remote attackers can crash or take control of radare2

CVE-2026-8696
Summary

A use-after-free in the GDB client code of radare2 6.1.5 lets remote attackers crash radare2 or potentially execute arbitrary code by sending malformed thread information responses. We recommend updating to a newer version of radare2 to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions
radare | radare2 | <= 6.1.4
cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*
Original title
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute ar...
Original description
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.
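The failure mode described above (the first reply allocates entries, the follow-up request fails, and the error path cleans up) is avoided when exactly one routine owns element release and leaves the list empty afterwards. The following is an added example, not radare2's code or its patch: `Pid`, `PidList`, `list_push`, `list_clear` and `fetch_pids` are hypothetical stand-ins, and the two boolean parameters model the qfThreadInfo and qsThreadInfo outcomes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not radare2 types or functions. */
typedef struct { int pid; } Pid;
typedef struct { Pid **items; size_t len, cap; } PidList;

static int g_allocs, g_frees;   /* element ledger: must balance on every path */

static bool list_push(PidList *l, int pid) {
    if (l->len == l->cap) {
        size_t ncap = l->cap ? l->cap * 2 : 4;
        Pid **n = realloc(l->items, ncap * sizeof *n);
        if (!n) return false;            /* old array stays valid and owned by l */
        l->items = n; l->cap = ncap;
    }
    Pid *p = malloc(sizeof *p);
    if (!p) return false;
    p->pid = pid; g_allocs++;
    l->items[l->len++] = p;
    return true;
}

/* The only place elements are released. Resets the list so a second call
 * (for example a caller's own cleanup after an error) frees nothing. */
static void list_clear(PidList *l) {
    for (size_t i = 0; i < l->len; i++) { free(l->items[i]); g_frees++; }
    free(l->items);
    l->items = NULL; l->len = l->cap = 0;
}

/* first_ok / next_ok model whether the qfThreadInfo / qsThreadInfo step succeeds.
 * The pids 100..102 are constructed sample values. */
static bool fetch_pids(PidList *out, bool first_ok, bool next_ok) {
    *out = (PidList){0};
    if (!first_ok || !list_push(out, 100) || !list_push(out, 101)) goto fail;
    if (!next_ok || !list_push(out, 102)) goto fail;  /* failure after allocation */
    return true;
fail:
    list_clear(out);   /* single cleanup; no dangling pointers are handed back */
    return false;
}

int main(void) {
    PidList l;
    bool ok = fetch_pids(&l, true, false);  /* second step fails */
    list_clear(&l);                         /* redundant caller cleanup is harmless */
    return (!ok && g_allocs == g_frees) ? 0 : 1;
}
```

Building a real parser of this shape with AddressSanitizer (`-fsanitize=address`) and driving the error path in a test surfaces any remaining double release as a hard failure.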
nvd CVSS3.1 7.5
nvd CVSS4.0 8.7
Vulnerability type
CWE-416 Use After Free
Published: 15 May 2026 · Updated: 30 May 2026 · First seen: 15 May 2026