« List of all CVEs

CVE-2026-14760

radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free

Published: 7/5/2026 Last updated: 7/6/2026 Reserved: 7/4/2026

A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to implement a patch to correct this issue.

CNA assigner: VulDB (1af790b2-7ee1-4545-860a-a788eba489b5) Requested by: n/a

Metrics

Version Score Severity Vector String
4.0 1.9 Low CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.1 3 Low CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.0 3 Low CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2.0 1.3 Low CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Opam packages affected (2)

conf-radare2 radare2

Products affected (2)

Product Vendor Version
radare2 radareorg < 3.9.0
radare2 radareorg < 10.0.17763.2183

References (16)

Credits (2)