CVE-2026-40499

Name
CVE-2026-40499
Description
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted section names to inject r2 commands that are executed when the idp command processes the file.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
disclosure@vulncheck.com https://blog.calif.io/p/mad-bugs-discovering-a-0-day-in-zero
disclosure@vulncheck.com https://github.com/radareorg/radare2/commit/5590c87deeb7eb2a106fd7aab9ca88bfeebb7397
disclosure@vulncheck.com https://github.com/radareorg/radare2/issues/25752
disclosure@vulncheck.com https://github.com/radareorg/radare2/releases/tag/6.1.4
disclosure@vulncheck.com https://www.vulncheck.com/advisories/radare2-command-injection-via-pdb-parser-print-gvars

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:* radare2 >= None <= 6.1.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
radare2 edge-community 6.1.4-r0 omni <omni+alpine@hack.org> possibly vulnerable
radare2 edge-community 6.1.2-r0 omni <omni+alpine@hack.org> possibly vulnerable
radare2 edge-community 6.0.8-r0 omni <omni+alpine@hack.org> possibly vulnerable
radare2 edge-community 6.0.7-r0 omni <omni+alpine@hack.org> possibly vulnerable
radare2 edge-community 6.0.4-r0 omni <omni+alpine@hack.org> possibly vulnerable
radare2 edge-community 5.9.8-r0 omni <omni+alpine@hack.org> possibly vulnerable
radare2 edge-community 5.8.2-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.8.0-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.7.2-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.7.0-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.6.8-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.6.6-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.6.4-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.6.2-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.6.0-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.5.4-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.5.2-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.4.0-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 5.3.1-r0 Valery Kartel <valery.kartel@gmail.com> possibly vulnerable
radare2 edge-community 4.5.1-r0 None possibly vulnerable
radare2 edge-community 4.5.0-r0 None possibly vulnerable
radare2 edge-community 4.4.0-r0 None possibly vulnerable
radare2 edge-community 4.0.0-r0 None possibly vulnerable
radare2 edge-community 3.9.0-r0 None possibly vulnerable
radare2 3.23-community 6.0.7-r0 omni <omni+alpine@hack.org> possibly vulnerable