Description

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1.3.

INFO

Published Date :

2026-04-16T02:35:47.196Z

Last Modified :

2026-04-16T02:44:57.723Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41015 vulnerability.

Vendors Products
Radare
  • Radare2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41015.

URL Resource
https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5 cve-icon cve-icon
https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2 cve-icon cve-icon
https://github.com/radareorg/radare2/issues/25650 cve-icon cve-icon
https://github.com/radareorg/radare2/pull/25651 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact