Product

Radare2

2 briefs RSS

Radare2 Path Traversal Vulnerability in Project Deletion

Radare2 versions prior to 6.1.4 are vulnerable to a path traversal in project deletion, allowing local attackers to recursively delete arbitrary directories by escaping the 'dir.projects' root, leading to integrity and availability loss.

radare2 path-traversal local-privilege-escalation

2r 1t 1c 1w ago

high advisory

radare2 PDB Parser Command Injection Vulnerability (CVE-2026-40517)

2 rules 1 TTP 1 CVE

A command injection vulnerability exists in radare2 versions prior to 6.1.4, where a crafted PDB file with newline characters in symbol names can inject arbitrary radare2 commands, leading to arbitrary OS command execution.

radare2 command-injection CVE-2026-40517

2r 1t 1c Jan 24, 2024