{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-41015", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-16T02:35:46.790Z", "datePublished": "2026-04-16T02:35:47.196Z", "dateUpdated": "2026-04-16T13:15:26.207Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "radare2", "vendor": "radare", "versions": [{"lessThan": "9236f44a28812fe911814e1b3a7bcf1e4de5d3c2", "status": "affected", "version": "01ca2f61fa43bd3f4b732447de31b16039d820c0", "versionType": "git"}]}], "descriptions": [{"lang": "en", "value": "radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1.3."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T02:44:57.723Z"}, "references": [{"url": "https://github.com/radareorg/radare2/issues/25650"}, {"url": "https://github.com/radareorg/radare2/pull/25651"}, {"url": "https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5"}, {"url": "https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*", "versionStartIncluding": "01ca2f61fa43bd3f4b732447de31b16039d820c0", "versionEndExcluding": "9236f44a28812fe911814e1b3a7bcf1e4de5d3c2"}]}]}]}, "adp": [{"references": [{"url": "https://github.com/radareorg/radare2/issues/25650", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T13:15:20.609734Z", "id": "CVE-2026-41015", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:15:26.207Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41015", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-16T13:15:20.609734Z"}}}], "references": [{"url": "https://github.com/radareorg/radare2/issues/25650", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:15:10.629Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "radare", "product": "radare2", "versions": [{"status": "affected", "version": "01ca2f61fa43bd3f4b732447de31b16039d820c0", "lessThan": "9236f44a28812fe911814e1b3a7bcf1e4de5d3c2", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/radareorg/radare2/issues/25650"}, {"url": "https://github.com/radareorg/radare2/pull/25651"}, {"url": "https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5"}, {"url": "https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "9236f44a28812fe911814e1b3a7bcf1e4de5d3c2", "versionStartIncluding": "01ca2f61fa43bd3f4b732447de31b16039d820c0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T02:44:57.723Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41015", "state": "PUBLISHED", "dateUpdated": "2026-04-16T13:15:26.207Z", "dateReserved": "2026-04-16T02:35:46.790Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-16T02:35:47.196Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1.3."}], "id": "CVE-2026-41015", "lastModified": "2026-04-17T15:38:09.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-04-16T03:16:27.440", "references": [{"source": "cve@mitre.org", "url": "https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5"}, {"source": "cve@mitre.org", "url": "https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2"}, {"source": "cve@mitre.org", "url": "https://github.com/radareorg/radare2/issues/25650"}, {"source": "cve@mitre.org", "url": "https://github.com/radareorg/radare2/pull/25651"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/radareorg/radare2/issues/25650"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[01ca2f61fa43bd3f4b732447de31b16039d820c0,9236f44a28812fe911814e1b3a7bcf1e4de5d3c2)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "radare2", "source": "cna", "vendor": "radare"}, "product": "radare2", "vendor": "radare"}], "analysis": {"en": {"generated_at": "2026-04-16T09:00:19.317471+00:00", "value": {"mitigation_remediation": ["Upgrade radare2 to a commit newer than 9236f44, preferably a release newer than 6.1.3 from the official repository or packaged distributions.", "Ensure that radare2 is configured with SSL enabled; if SSL cannot be enabled, run radare2 with the least privilege and restrict its use to trusted users.", "If an upgrade cannot be performed immediately, disable or remove the rabin2 -PP option for untrusted input or encode and whitelist the PDB names to prevent execution of malicious commands."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Users of radare2 before commit 9236f44 that are configured on UNIX without SSL are affected. This includes all versions released between 6.1.2 and 6.1.3 as well as earlier releases that have not applied the patch. Releases after 6.1.3 or those with SSL enabled are not impacted.", "description_and_impact": "The vulnerability is a command injection flaw in radare2 triggered when an attacker supplies a specially crafted PDB name to the rabin2 -PP command while the software runs on UNIX systems with SSL disabled. Affected releases are those before commit 9236f44, specifically those released between version 6.1.2 and 6.1.3. If an attacker can control the PDB name, the shell is executed with arbitrary commands, potentially granting full control of the host where radare2 is running. This flaw is classified as CWE\u201178.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.4, indicating high severity. Exploitation requires the ability to influence the PDB name in the rabin2 -PP invocation. If radare2 is run by a privileged user or exposed through a network service without SSL, an attacker could achieve remote code execution. EPSS data is unavailable and the issue is not listed in the CISA KEV catalog at this time."}}}}, "created": "2026-04-16T03:30:05.961935+00:00", "title": "Command Injection via PDB Name in radare2 When SSL Disabled", "updated": "2026-04-16T09:15:30.972134+00:00", "vendors": ["radare", "radare$PRODUCT$radare2"]}