PT-2026-33247 · Radare2 · Radare2
Published
2026-04-16
·
Updated
2026-04-17
·
CVE-2026-41015
CVSS v3.1
7.4
High
| Vector | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
radare2 versions 6.1.2 through 6.1.3
Description
When configured on UNIX without SSL, the software allows command injection via a PDB name provided to the 'rabin2 -PP' command.
Recommendations
Update radare2 to version 9236f44 or later.
Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Radare2