CVE-2026-8696
radare2 6.1.5 Use-After-Free via gdbr_pids_list()
| CVSS Score | 7.5 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.
| CWE | CWE-416 |
| Vendor | radare2 |
| Product | radare2 |
| Published | May 15, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | High |
Affected Versions
radare2 / radare2
6.1.5
Credits
Saad Elharaj