Description

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitized symbol name interpolation in the flag rename command, which are then executed when a user runs the idp command against the malicious PDB file, enabling arbitrary OS command execution through radare2's shell execution operator.

INFO

Published Date :

2026-04-22T21:44:12.543Z

Last Modified :

2026-04-23T16:24:25.301Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40517 vulnerability.

Vendors Products
Radare
  • Radare2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40517.

URL Resource
https://blog.calif.io/p/mad-bugs-discovering-a-0-day-in-zero cve-icon cve-icon
https://github.com/radareorg/radare2/issues/25730 cve-icon cve-icon
https://github.com/radareorg/radare2/pull/25731 cve-icon cve-icon
https://www.vulncheck.com/advisories/radare2-command-injection-via-pdb-parser-symbol-names cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact