CVE-2026-6941

MEDIUM · CVSS 4.0 base score 6.9 · EPSS 9.8%
Published Apr 23, 2026 · Last Modified Jun 17, 2026

Description

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a symlinked notes.txt that bypasses directory confinement checks, allowing note operations to follow the symlink and access arbitrary files outside the dir.projects root directory.
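
The confinement failure described above, as an added C example (not radare2's code and not the upstream patch; the function names and the temporary directory layout are constructed for illustration). A string-only check accepts a symlinked notes.txt stored under the projects root, while a check that rejects symlinks and compares resolved paths refuses it.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak check: compares path strings only, so a symlink stored under root passes. */
static int lexically_inside(const char *root, const char *path) {
    size_t n = strlen(root);
    return !strncmp(root, path, n) && path[n] == '/' && !strstr(path, "/..");
}

/* Hardened check: refuse a symlinked notes file, then compare resolved paths. */
static int resolved_inside(const char *root, const char *path) {
    char rroot[PATH_MAX], rpath[PATH_MAX];
    struct stat st;
    if (lstat(path, &st) != 0 || S_ISLNK(st.st_mode)) return 0;
    if (!realpath(root, rroot) || !realpath(path, rpath)) return 0;
    size_t n = strlen(rroot);
    return !strncmp(rroot, rpath, n) && rpath[n] == '/';
}

/* Constructed layout: <root>/demo/notes.txt symlinks to a file outside <root>; plain.txt is regular. */
static int build_layout(char *root, char *notes, char *plain, size_t len) {
    char tmp[] = "/tmp/zrpdemoXXXXXX", dir[PATH_MAX], target[PATH_MAX];
    FILE *f;
    if (!mkdtemp(tmp)) return -1;
    snprintf(root, len, "%s/projects", tmp);
    snprintf(dir, sizeof dir, "%s/demo", root);
    snprintf(notes, len, "%s/notes.txt", dir);
    snprintf(plain, len, "%s/plain.txt", dir);
    snprintf(target, sizeof target, "%s/outside.txt", tmp);
    if (mkdir(root, 0700) || mkdir(dir, 0700)) return -1;
    if (!(f = fopen(target, "w"))) return -1;
    fclose(f);
    if (!(f = fopen(plain, "w"))) return -1;
    fclose(f);
    return symlink(target, notes);
}

int main(void) {
    char root[PATH_MAX], notes[PATH_MAX], plain[PATH_MAX];
    if (build_layout(root, notes, plain, sizeof root)) return 1;
    printf("notes.txt lexical=%d resolved=%d\n", lexically_inside(root, notes), resolved_inside(root, notes));
    printf("plain.txt lexical=%d resolved=%d\n", lexically_inside(root, plain), resolved_inside(root, plain));
    return 0;
}
```

A path check followed by a separate open is still racy; opening the file with O_NOFOLLOW closes that window for the final path component.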

CVSS Details

Base Score 6.9
Vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
9.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-22 Path Traversal Resource Mgmt
CWE-59

Affected Products 1

Vendor  Product  Version  Range
radare  radare2  *        <6.1.4

References 3

  • github.com https://github.com/radareorg/radare2/commit/4bcdee725ff0754ed721a98789c0af371c5f32a4
    Patch
  • github.com https://github.com/radareorg/radare2/pull/25831
    Exploit, Issue Tracking, Third Party Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/radare2-project-notes-path-traversal-via-symlink
    Third Party Advisory

Remediation

  • github.com https://github.com/radareorg/radare2/commit/4bcdee725ff0754ed721a98789c0af371c5f32a4
    Patch