CVE-2026-40527

Name: CVE-2026-40527
Creator: NVD / NIST
Published: 2026-04-17T21:16:35.373+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.5/10EPSS 0.92%

Last modified Jun 17, 2026

CVE-2026-40527 is a high-severity vulnerability rated 8.5/10 on the CVSS scale. radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute when radare2 analyzes the binary with aaa and subsequently runs afsvj, allowing arbitrary shell command execution through the unsanitized parameter interpolation in the pfq command string.. EPSS estimates a 0.92% chance of exploitation in the next 30 days.

Description

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute when radare2 analyzes the binary with aaa and subsequently runs afsvj, allowing arbitrary shell command execution through the unsanitized parameter interpolation in the pfq command string.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 4.0

8.5/10

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.92%

55.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Radare	Radare2	< 6.1.6

References

https://github.com/radareorg/radare2/commit/bc5a89033db3ecb5b1f7bf681fc6ba4dcfc14683Patch
https://github.com/radareorg/radare2/pull/25821Exploit, Issue Tracking, Patch
https://www.vulncheck.com/advisories/radare2-command-injection-via-dwarf-parameter-namesThird Party Advisory

Timeline

Published: Apr 17, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-40527?

How severe is CVE-2026-40527?

CVE-2026-40527 has a CVSS score of 8.5/10 (HIGH severity). The EPSS model estimates a 0.92% probability of exploitation in the next 30 days.

How do I fix CVE-2026-40527?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-40527?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST