Tag
radare2 version 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function, allowing remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response, potentially leading to denial of service or code execution through GDB remote debugging (CVE-2026-8695).