CVE-2026-6941

CVE-2026-6941

Name

CVE-2026-6941

Description

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a symlinked notes.txt that bypasses directory confinement checks, allowing note operations to follow the symlink and access arbitrary files outside the dir.projects root directory.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
disclosure@vulncheck.com	https://github.com/radareorg/radare2/commit/4bcdee725ff0754ed721a98789c0af371c5f32a4
disclosure@vulncheck.com	https://github.com/radareorg/radare2/pull/25831
disclosure@vulncheck.com	https://www.vulncheck.com/advisories/radare2-project-notes-path-traversal-via-symlink

Type

URI

disclosure@vulncheck.com

https://github.com/radareorg/radare2/commit/4bcdee725ff0754ed721a98789c0af371c5f32a4

disclosure@vulncheck.com

https://github.com/radareorg/radare2/pull/25831

disclosure@vulncheck.com

https://www.vulncheck.com/advisories/radare2-project-notes-path-traversal-via-symlink

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:radare:radare2::::::::`	radare2	>= None	< 6.1.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*

radare2

>= None

< 6.1.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
radare2	edge-community	6.1.2-r0	omni <omni+alpine@hack.org>	possibly vulnerable
radare2	edge-community	6.0.8-r0	omni <omni+alpine@hack.org>	possibly vulnerable
radare2	edge-community	6.0.7-r0	omni <omni+alpine@hack.org>	possibly vulnerable
radare2	edge-community	6.0.4-r0	omni <omni+alpine@hack.org>	possibly vulnerable
radare2	edge-community	5.9.8-r0	omni <omni+alpine@hack.org>	possibly vulnerable
radare2	edge-community	5.8.2-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.8.0-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.7.2-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.7.0-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.6.8-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.6.6-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.6.4-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.6.2-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.6.0-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.5.4-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.5.2-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.4.0-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	5.3.1-r0	Valery Kartel <valery.kartel@gmail.com>	possibly vulnerable
radare2	edge-community	4.5.1-r0	None	possibly vulnerable
radare2	edge-community	4.5.0-r0	None	possibly vulnerable
radare2	edge-community	4.4.0-r0	None	possibly vulnerable
radare2	edge-community	4.0.0-r0	None	possibly vulnerable
radare2	edge-community	3.9.0-r0	None	possibly vulnerable
radare2	3.23-community	6.0.7-r0	omni <omni+alpine@hack.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages