CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitized symbol name interpolation in the flag rename command, which are then executed when a user runs the idp command against the malicious PDB file, enabling arbitrary OS command execution through radare2's shell execution operator.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.0%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2026-40517

Radare » Radare2 » Version: 0.10.0

cpe:2.3:a:radare:radare2:0.10.0
Radare » Radare2 » Version: 0.10.1

cpe:2.3:a:radare:radare2:0.10.1
Radare » Radare2 » Version: 0.10.2

cpe:2.3:a:radare:radare2:0.10.2
Radare » Radare2 » Version: 0.10.3

cpe:2.3:a:radare:radare2:0.10.3
Radare » Radare2 » Version: 0.10.4

cpe:2.3:a:radare:radare2:0.10.4
Radare » Radare2 » Version: 0.10.5

cpe:2.3:a:radare:radare2:0.10.5
Radare » Radare2 » Version: 0.10.6

cpe:2.3:a:radare:radare2:0.10.6
Radare » Radare2 » Version: 0.8.6

cpe:2.3:a:radare:radare2:0.8.6
Radare » Radare2 » Version: 0.8.8

cpe:2.3:a:radare:radare2:0.8.8
Radare » Radare2 » Version: 0.9

cpe:2.3:a:radare:radare2:0.9
Radare » Radare2 » Version: 0.9.2

cpe:2.3:a:radare:radare2:0.9.2
Radare » Radare2 » Version: 0.9.4

cpe:2.3:a:radare:radare2:0.9.4
Radare » Radare2 » Version: 0.9.6

cpe:2.3:a:radare:radare2:0.9.6
Radare » Radare2 » Version: 0.9.7

cpe:2.3:a:radare:radare2:0.9.7
Radare » Radare2 » Version: 0.9.7.3-1

cpe:2.3:a:radare:radare2:0.9.7.3-1
Radare » Radare2 » Version: 0.9.8

cpe:2.3:a:radare:radare2:0.9.8
Radare » Radare2 » Version: 0.9.9

cpe:2.3:a:radare:radare2:0.9.9
Radare » Radare2 » Version: 1.0

cpe:2.3:a:radare:radare2:1.0
Radare » Radare2 » Version: 1.0.0

cpe:2.3:a:radare:radare2:1.0.0
Radare » Radare2 » Version: 1.0.1

cpe:2.3:a:radare:radare2:1.0.1
Radare » Radare2 » Version: 1.0.2

cpe:2.3:a:radare:radare2:1.0.2
Radare » Radare2 » Version: 1.1.0

cpe:2.3:a:radare:radare2:1.1.0
Radare » Radare2 » Version: 1.2.0

cpe:2.3:a:radare:radare2:1.2.0
Radare » Radare2 » Version: 1.2.1

cpe:2.3:a:radare:radare2:1.2.1
Radare » Radare2 » Version: 1.3.0

cpe:2.3:a:radare:radare2:1.3.0
Radare » Radare2 » Version: 1.4.0

cpe:2.3:a:radare:radare2:1.4.0
Radare » Radare2 » Version: 1.5.0

cpe:2.3:a:radare:radare2:1.5.0
Radare » Radare2 » Version: 1.6.0

cpe:2.3:a:radare:radare2:1.6.0
Radare » Radare2 » Version: 2.0.0

cpe:2.3:a:radare:radare2:2.0.0
Radare » Radare2 » Version: 2.0.1

cpe:2.3:a:radare:radare2:2.0.1
Radare » Radare2 » Version: 2.1.0

cpe:2.3:a:radare:radare2:2.1.0
Radare » Radare2 » Version: 2.2.0

cpe:2.3:a:radare:radare2:2.2.0
Radare » Radare2 » Version: 2.3.0

cpe:2.3:a:radare:radare2:2.3.0
Radare » Radare2 » Version: 2.4.0

cpe:2.3:a:radare:radare2:2.4.0
Radare » Radare2 » Version: 2.5.0

cpe:2.3:a:radare:radare2:2.5.0
Radare » Radare2 » Version: 2.6.0

cpe:2.3:a:radare:radare2:2.6.0
Radare » Radare2 » Version: 2.6.9

cpe:2.3:a:radare:radare2:2.6.9
Radare » Radare2 » Version: 2.7.0

cpe:2.3:a:radare:radare2:2.7.0
Radare » Radare2 » Version: 2.8.0

cpe:2.3:a:radare:radare2:2.8.0
Radare » Radare2 » Version: 2.9.0

cpe:2.3:a:radare:radare2:2.9.0
Radare » Radare2 » Version: 3.0.0

cpe:2.3:a:radare:radare2:3.0.0
Radare » Radare2 » Version: 3.0.1

cpe:2.3:a:radare:radare2:3.0.1
Radare » Radare2 » Version: 3.1.0

cpe:2.3:a:radare:radare2:3.1.0
Radare » Radare2 » Version: 3.1.1

cpe:2.3:a:radare:radare2:3.1.1
Radare » Radare2 » Version: 3.1.2

cpe:2.3:a:radare:radare2:3.1.2
Radare » Radare2 » Version: 3.1.3

cpe:2.3:a:radare:radare2:3.1.3
Radare » Radare2 » Version: 3.2.0

cpe:2.3:a:radare:radare2:3.2.0
Radare » Radare2 » Version: 3.2.1

cpe:2.3:a:radare:radare2:3.2.1
Radare » Radare2 » Version: 3.3.0

cpe:2.3:a:radare:radare2:3.3.0
Radare » Radare2 » Version: 3.4.0

cpe:2.3:a:radare:radare2:3.4.0
Radare » Radare2 » Version: 3.4.1

cpe:2.3:a:radare:radare2:3.4.1
Radare » Radare2 » Version: 3.5.0

cpe:2.3:a:radare:radare2:3.5.0
Radare » Radare2 » Version: 3.5.1

cpe:2.3:a:radare:radare2:3.5.1
Radare » Radare2 » Version: 3.6.0

cpe:2.3:a:radare:radare2:3.6.0
Radare » Radare2 » Version: 3.7.0

cpe:2.3:a:radare:radare2:3.7.0
Radare » Radare2 » Version: 3.7.1

cpe:2.3:a:radare:radare2:3.7.1
Radare » Radare2 » Version: 3.8.0

cpe:2.3:a:radare:radare2:3.8.0
Radare » Radare2 » Version: 3.9.0

cpe:2.3:a:radare:radare2:3.9.0
Radare » Radare2 » Version: 4.0.0

cpe:2.3:a:radare:radare2:4.0.0
Radare » Radare2 » Version: 4.1.0

cpe:2.3:a:radare:radare2:4.1.0
Radare » Radare2 » Version: 4.1.1

cpe:2.3:a:radare:radare2:4.1.1
Radare » Radare2 » Version: 4.2.0

cpe:2.3:a:radare:radare2:4.2.0
Radare » Radare2 » Version: 4.2.1

cpe:2.3:a:radare:radare2:4.2.1
Radare » Radare2 » Version: 4.3.0

cpe:2.3:a:radare:radare2:4.3.0
Radare » Radare2 » Version: 4.3.1

cpe:2.3:a:radare:radare2:4.3.1
Radare » Radare2 » Version: 4.4.0

cpe:2.3:a:radare:radare2:4.4.0
Radare » Radare2 » Version: 4.5.0

cpe:2.3:a:radare:radare2:4.5.0
Radare » Radare2 » Version: 4.5.1

cpe:2.3:a:radare:radare2:4.5.1
Radare » Radare2 » Version: 5.0.0

cpe:2.3:a:radare:radare2:5.0.0
Radare » Radare2 » Version: 5.1.0

cpe:2.3:a:radare:radare2:5.1.0
Radare » Radare2 » Version: 5.1.1

cpe:2.3:a:radare:radare2:5.1.1
Radare » Radare2 » Version: 5.2.0

cpe:2.3:a:radare:radare2:5.2.0
Radare » Radare2 » Version: 5.2.1

cpe:2.3:a:radare:radare2:5.2.1
Radare » Radare2 » Version: 5.3.0

cpe:2.3:a:radare:radare2:5.3.0
Radare » Radare2 » Version: 5.3.1

cpe:2.3:a:radare:radare2:5.3.1
Radare » Radare2 » Version: 5.4.0

cpe:2.3:a:radare:radare2:5.4.0
Radare » Radare2 » Version: 5.4.2

cpe:2.3:a:radare:radare2:5.4.2
Radare » Radare2 » Version: 5.5.0

cpe:2.3:a:radare:radare2:5.5.0
Radare » Radare2 » Version: 5.5.2

cpe:2.3:a:radare:radare2:5.5.2
Radare » Radare2 » Version: 5.5.4

cpe:2.3:a:radare:radare2:5.5.4
Radare » Radare2 » Version: 5.6.0

cpe:2.3:a:radare:radare2:5.6.0
Radare » Radare2 » Version: 5.6.2

cpe:2.3:a:radare:radare2:5.6.2
Radare » Radare2 » Version: 5.6.4

cpe:2.3:a:radare:radare2:5.6.4
Radare » Radare2 » Version: 5.6.6

cpe:2.3:a:radare:radare2:5.6.6
Radare » Radare2 » Version: 5.6.8

cpe:2.3:a:radare:radare2:5.6.8
Radare » Radare2 » Version: 5.6.9

cpe:2.3:a:radare:radare2:5.6.9
Radare » Radare2 » Version: 5.7.0

cpe:2.3:a:radare:radare2:5.7.0
Radare » Radare2 » Version: 5.7.2

cpe:2.3:a:radare:radare2:5.7.2
Radare » Radare2 » Version: 5.7.4

cpe:2.3:a:radare:radare2:5.7.4
Radare » Radare2 » Version: 5.7.6

cpe:2.3:a:radare:radare2:5.7.6
Radare » Radare2 » Version: 5.7.8

cpe:2.3:a:radare:radare2:5.7.8
Radare » Radare2 » Version: 5.8.0

cpe:2.3:a:radare:radare2:5.8.0
Radare » Radare2 » Version: 5.8.2

cpe:2.3:a:radare:radare2:5.8.2
Radare » Radare2 » Version: 5.8.3

cpe:2.3:a:radare:radare2:5.8.3
Radare » Radare2 » Version: 5.8.4

cpe:2.3:a:radare:radare2:5.8.4
Radare » Radare2 » Version: 5.8.6

cpe:2.3:a:radare:radare2:5.8.6
Radare » Radare2 » Version: 5.8.8

cpe:2.3:a:radare:radare2:5.8.8
Radare » Radare2 » Version: 5.9.0

cpe:2.3:a:radare:radare2:5.9.0
Radare » Radare2 » Version: 5.9.2

cpe:2.3:a:radare:radare2:5.9.2
Radare » Radare2 » Version: 5.9.4

cpe:2.3:a:radare:radare2:5.9.4
Radare » Radare2 » Version: 5.9.6

cpe:2.3:a:radare:radare2:5.9.6
Radare » Radare2 » Version: 5.9.8

cpe:2.3:a:radare:radare2:5.9.8
Radare » Radare2 » Version: 5.9.9

cpe:2.3:a:radare:radare2:5.9.9
Radare » Radare2 » Version: 6.0.0

cpe:2.3:a:radare:radare2:6.0.0
Radare » Radare2 » Version: 6.0.2

cpe:2.3:a:radare:radare2:6.0.2
Radare » Radare2 » Version: 6.0.4

cpe:2.3:a:radare:radare2:6.0.4
Radare » Radare2 » Version: 6.0.5

cpe:2.3:a:radare:radare2:6.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-40517

Products

Pricing

Contact Us