CVE-2026-14761
Last modified
CVE-2026-14761 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function r_str_ndup/r_str_append of the file libr/util/str.c. EPSS estimates a 0.11% chance of exploitation in the next 30 days.
Description
A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function r_str_ndup/r_str_append of the file libr/util/str.c. The manipulation leads to integer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is a20a56917ae85d732e683f8d9078bdcfee92446c. Applying a patch is the recommended action to fix this issue.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Radare | Radare2 | < 6.1.8 |
References
- https://github.com/radareorg/radare2/issues/26045Exploit, Issue Tracking
- https://vuldb.com/cve/CVE-2026-14761Third Party Advisory, VDB Entry
- https://vuldb.com/submit/850385Third Party Advisory, VDB Entry
- https://vuldb.com/vuln/376350Third Party Advisory, VDB Entry
- https://vuldb.com/vuln/376350/ctiPermissions Required, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-14761?
How severe is CVE-2026-14761?
How do I fix CVE-2026-14761?
Related CVEs from 2026
- CVE-2026-14756A vulnerability was found in code-projects Hotel and Tourism…7.3
- CVE-2026-14757A vulnerability was determined in radareorg radare2 up to 6.…5.3
- CVE-2026-14758A vulnerability was identified in radareorg radare2 up to 6.…5.5
- CVE-2026-14759A security flaw has been discovered in radareorg radare2 up …7.8
- CVE-2026-1476An out-of-band SQL injection vulnerability (OOB SQLi) has be…7.5
- CVE-2026-14760A weakness has been identified in radareorg radare2 up to 6.…7.8
- CVE-2026-14762A vulnerability was detected in code-projects Hotel and Tour…7.3
- CVE-2026-14763A flaw has been found in code-projects Hotel and Tourism Res…7.3
- CVE-2026-14764A vulnerability has been found in code-projects Hotel and To…7.3
- CVE-2026-14766A vulnerability was identified in CodeAstro Apartment Visito…6.3
- CVE-2026-14767A security flaw has been discovered in CodeAstro Ecommerce W…6.3
- CVE-2026-14768A weakness has been identified in code-projects Real State S…7.3
Are you affected by CVE-2026-14761?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
