CVE-2026-14761

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function r_str_ndup/r_str_append of the file libr/util/str.c. The manipulation leads to integer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is a20a56917ae85d732e683f8d9078bdcfee92446c. Applying a patch is the recommended action to fix this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*

History

06 Jul 2026, 20:03

Type Values Removed Values Added
References () https://github.com/radareorg/radare2/ - () https://github.com/radareorg/radare2/ - Product
References () https://github.com/radareorg/radare2/commit/a20a56917ae85d732e683f8d9078bdcfee92446c - () https://github.com/radareorg/radare2/commit/a20a56917ae85d732e683f8d9078bdcfee92446c - Patch
References () https://github.com/radareorg/radare2/issues/26045 - () https://github.com/radareorg/radare2/issues/26045 - Exploit, Issue Tracking
References () https://vuldb.com/cve/CVE-2026-14761 - () https://vuldb.com/cve/CVE-2026-14761 - Third Party Advisory, VDB Entry
References () https://vuldb.com/submit/850385 - () https://vuldb.com/submit/850385 - Third Party Advisory, VDB Entry
References () https://vuldb.com/vuln/376350 - () https://vuldb.com/vuln/376350 - Third Party Advisory, VDB Entry
References () https://vuldb.com/vuln/376350/cti - () https://vuldb.com/vuln/376350/cti - Permissions Required, VDB Entry
CPE cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*
First Time Radare
Radare radare2

05 Jul 2026, 16:19

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-05 16:19

Updated : 2026-07-06 20:03


NVD link : CVE-2026-14761

Mitre link : CVE-2026-14761

CVE.ORG link : CVE-2026-14761


JSON object : View

Products Affected

radare

  • radare2
CWE
CWE-189

Numeric Errors

CWE-190

Integer Overflow or Wraparound