CVE-2026-14760
LOWradareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free
Title source: cnaDescription
A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to implement a patch to correct this issue.
References (7)
Core 7
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-376349 | radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free
https://vuldb.com/vuln/376349
Signature, Permissions Required signature
permissions-required
VDB-376349 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/376349/cti
Third Party Advisory third-party-advisory
CVE-2026-14760 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14760
Third Party Advisory third-party-advisory
Submit #850384 | radareorg radare2 6.1.6 Use After Free
https://vuldb.com/submit/850384
Exploit exploit
issue-tracking
https://github.com/radareorg/radare2/issues/26044
Product product
https://github.com/radareorg/radare2/
Scores
CVSS v3
3.3
EPSS
0.0014
EPSS Percentile
3.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
CWE-416
Status
published
Products (8)
radare/radare2
< 6.1.8
radareorg/radare2
6.1.0
radareorg/radare2
6.1.1
radareorg/radare2
6.1.2
radareorg/radare2
6.1.3
radareorg/radare2
6.1.4
radareorg/radare2
6.1.5
radareorg/radare2
6.1.6
Published
Jul 05, 2026
Tracked Since
Jul 05, 2026