CVE-2026-40499

HIGH EPSS 63.9%
Published Apr 15, 20262mo ago · Modified Jun 17, 20261w ago
8.4 CVSS 4.0
High
Find Similar
Published Apr 15, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago

Description

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted section names to inject r2 commands that are executed when the idp command processes the file.

CVSS Details

Base Score
8.4
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction A
Scope X

Threat Intelligence

EPSS Exploit Probability
63.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 1

VendorProductVersionRange
radareradare2* ≤6.1.4

References 4

  • github.com https://github.com/radareorg/radare2/commit/5590c87deeb7eb2a106fd7aab9ca88bfeebb7397
    Patch
  • github.com https://github.com/radareorg/radare2/issues/25752
    ExploitIssue TrackingThird Party Advisory
  • github.com https://github.com/radareorg/radare2/releases/tag/6.1.4
    Release Notes
  • vulncheck.com https://www.vulncheck.com/advisories/radare2-command-injection-via-pdb-parser-print-gvars
    Third Party Advisory

Remediation

  • github.com https://github.com/radareorg/radare2/commit/5590c87deeb7eb2a106fd7aab9ca88bfeebb7397
    Patch