CVE-2026-14760
Last modified
CVE-2026-14760 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to implement a patch to correct this issue.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Radare | Radare2 | >= 6.1.0, < 6.1.8 |
References
- https://github.com/radareorg/radare2/issues/26044Exploit, Issue Tracking
- https://vuldb.com/cve/CVE-2026-14760Third Party Advisory, VDB Entry
- https://vuldb.com/submit/850384Third Party Advisory, VDB Entry
- https://vuldb.com/vuln/376349Third Party Advisory, VDB Entry
- https://vuldb.com/vuln/376349/ctiPermissions Required, VDB Entry
- https://vuldb.com/submit/850384Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-14760?
How severe is CVE-2026-14760?
How do I fix CVE-2026-14760?
Related CVEs from 2026
- CVE-2026-14755A vulnerability has been found in code-projects Hotel and To…7.3
- CVE-2026-14756A vulnerability was found in code-projects Hotel and Tourism…7.3
- CVE-2026-14757A vulnerability was determined in radareorg radare2 up to 6.…5.3
- CVE-2026-14758A vulnerability was identified in radareorg radare2 up to 6.…5.5
- CVE-2026-14759A security flaw has been discovered in radareorg radare2 up …7.8
- CVE-2026-1476An out-of-band SQL injection vulnerability (OOB SQLi) has be…7.5
- CVE-2026-14761A security vulnerability has been detected in radareorg rada…5.5
- CVE-2026-14762A vulnerability was detected in code-projects Hotel and Tour…7.3
- CVE-2026-14763A flaw has been found in code-projects Hotel and Tourism Res…7.3
- CVE-2026-14764A vulnerability has been found in code-projects Hotel and To…7.3
- CVE-2026-14766A vulnerability was identified in CodeAstro Apartment Visito…6.3
- CVE-2026-14767A security flaw has been discovered in CodeAstro Ecommerce W…6.3
Are you affected by CVE-2026-14760?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
