PT-2026-55838 · Radareorg · Radare2

Kery Qi

·

Published

2026-07-06

·

Updated

2026-07-06

·

CVE-2026-14786

CVSS v2.0

1.7

Low

VectorAV:L/AC:L/Au:S/C:N/I:N/A:P
A security flaw has been discovered in radareorg radare2 up to 6.1.6. This impacts the function r str word get0set of the file libr/util/str.c. The manipulation results in integer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 11ac224c0eb8d57830fccc99e1c1cd8e5d958813. It is best practice to apply a patch to resolve this issue.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14786

Affected Products

Radare2