CVE-2026-14788
Last modified
CVE-2026-14788 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function r_core_bin_load of the file libr/core/cfile.c. EPSS estimates a 0.11% chance of exploitation in the next 30 days.
Description
A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function r_core_bin_load of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The name of the patch is 635ab1eeb30340c26076722a90cb91fb2272130b. Applying a patch is advised to resolve this issue.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Radare | Radare2 | >= 6.1.0, <= 6.1.6 |
References
- https://github.com/radareorg/radare2/issues/26049Exploit, Issue Tracking
- https://vuldb.com/cve/CVE-2026-14788Third Party Advisory, VDB Entry
- https://vuldb.com/submit/850388Third Party Advisory, VDB Entry
- https://vuldb.com/vuln/376377Third Party Advisory, VDB Entry
- https://vuldb.com/vuln/376377/ctiPermissions Required, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-14788?
How severe is CVE-2026-14788?
How do I fix CVE-2026-14788?
Related CVEs from 2026
- CVE-2026-1478An out-of-band SQL injection vulnerability (OOB SQLi) has be…7.5
- CVE-2026-14781A flaw exists in the org.keycloak.broker.oidc package where …4.8
- CVE-2026-14783A vulnerability was determined in NousResearch hermes-agent …4.3
- CVE-2026-14784A vulnerability was identified in vxcontrol PentAGI up to 2.…6.3
- CVE-2026-14786A security flaw has been discovered in radareorg radare2 up …5.5
- CVE-2026-14787A weakness has been identified in radareorg radare2 up to 6.…7.8
- CVE-2026-14789A vulnerability was detected in radareorg radare2 up to 6.1.…7.8
- CVE-2026-1479An out-of-band SQL injection vulnerability (OOB SQLi) has be…7.5
- CVE-2026-14790A flaw has been found in GPAC 26.02.0. This affects the func…3.3
- CVE-2026-14791A weakness has been identified in crater-invoice-inc crater …3.5
- CVE-2026-14792A security vulnerability has been detected in Formbricks 5.0…6.9
- CVE-2026-14793A vulnerability was detected in Craft CMS up to 4.18.0.1. Af…5.3
Are you affected by CVE-2026-14788?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
