Description

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute when radare2 analyzes the binary with aaa and subsequently runs afsvj, allowing arbitrary shell command execution through the unsanitized parameter interpolation in the pfq command string.

INFO

Published Date :

2026-04-17T20:25:20.143Z

Last Modified :

2026-04-20T14:20:04.639Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40527 vulnerability.

Vendors Products
Radare
  • Radare2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40527.

URL Resource
https://github.com/radareorg/radare2/commit/bc5a89033db3ecb5b1f7bf681fc6ba4dcfc14683 cve-icon cve-icon
https://github.com/radareorg/radare2/pull/25821 cve-icon cve-icon
https://www.vulncheck.com/advisories/radare2-command-injection-via-dwarf-parameter-names cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact