Browse all 53 CVE security advisories affecting radareorg. AI-powered Chinese analysis, POCs, and references for each vulnerability.
radareorg operates as a provider of reverse engineering frameworks and security analysis tools, primarily serving developers and security researchers who require low-level binary inspection capabilities. Historical vulnerability assessments indicate a pattern of common web application flaws, with Remote Code Execution (RCE) and Cross-Site Scripting (XSS) representing the most frequent attack vectors. These issues often stem from insufficient input validation within the platform’s administrative interfaces or web-based management consoles. While the core binary analysis engine remains relatively stable, the associated web components have historically exhibited privilege escalation risks, allowing unauthorized users to gain elevated access. Security audits reveal that many of the recorded Common Vulnerabilities and Exposures (CVEs) relate to outdated dependencies or misconfigured access controls rather than fundamental architectural defects. Consequently, maintaining strict patch management and enforcing robust authentication mechanisms are critical for mitigating the identified risks associated with this software ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6942 | radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass — radare2, CWE-78 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6941 | radare2 < 6.1.4 Project Notes Path Traversal via Symlink — radare2, CWE-59 | 6.6 | Medium | 2026-04-23 |
| CVE-2026-6940 | radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion — radare2, CWE-22 | 7.1 | High | 2026-04-23 |
| CVE-2026-40517 | radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names — radare2, CWE-78 | 7.8 | High | 2026-04-22 |
| CVE-2026-40527 | radare2 Command Injection via DWARF Parameter Names — radare2, CWE-78 | 7.8 | High | 2026-04-17 |
| CVE-2026-40499 | radare2 < 6.1.4 Command Injection via PDB Parser print_gvars() — radare2, CWE-78 | 7.8 | - | 2026-04-15 |
| CVE-2025-1864 | Buffer Overflow and Potential Code Execution in Radare2 — radare2, CWE-119 | 7.8 | - | 2025-03-03 |
| CVE-2025-1744 | Out-of-bounds Write in radare2 — radare2, CWE-787 | 7.8 | - | 2025-02-28 |
| CVE-2020-15121 | Command injection in Radare2 — radare2, CWE-78 | 7.4 | High | 2020-07-20 |
This page lists every published CVE security advisory associated with radareorg. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.