CVE-2026-6941— radare2 < 6.1.4 Project Notes Path Traversal via Symlink

CVSS 6.6 · Medium EPSS 0.03% · P9 Updated Apr 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-6941

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

radare2 < 6.1.4 Project Notes Path Traversal via Symlink

Source: NVD (National Vulnerability Database)

Vulnerability Description

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a symlinked notes.txt that bypasses directory confinement checks, allowing note operations to follow the symlink and access arbitrary files outside the dir.projects root directory.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

在文件访问前对链接解析不恰当(链接跟随)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Radare2 后置链接漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Radare2是Radare开源的一个面向 Unix 极客的 Libre 反向框架。 Radare2 6.1.4之前版本存在后置链接漏洞，该漏洞源于项目笔记处理中的路径遍历，允许攻击者通过导入包含符号链接notes.txt文件的恶意.zrp存档来读取或写入配置项目目录之外的文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
radareorg	radare2	0 ~ 6.1.4	-

II. Public POCs for CVE-2026-6941

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-6941

请登录查看更多情报信息。

[security] fix(project): ignore symlinked imported notes by Hinotoi-agent · Pull Request #25831 · radareorg/radare2 · GitHubtechnical-descriptionexploit
Ignore symlinked notes ##projects · radareorg/radare2@4bcdee7 · GitHubissue-tracking
https://nvd.nist.gov/vuln/detail/CVE-2026-6941

Same Patch Batch · radareorg · 2026-04-23 · 3 CVEs total

CVE-2026-6942	9.8 CRITICAL	radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass
CVE-2026-6940	7.1 HIGH	radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion

IV. Related Vulnerabilities

Same product: radare2

Same vendor: radareorg

Same weakness: CWE-59

V. Comments for CVE-2026-6941

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-6941— radare2 < 6.1.4 Project Notes Path Traversal via Symlink

I. Basic Information for CVE-2026-6941

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-6941

III. Intelligence Information for CVE-2026-6941

Same Patch Batch · radareorg · 2026-04-23 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-6941

Leave a comment