CVE-2026-14760

LOW

radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free

Title source: cna
STIX 2.1

Description

A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to implement a patch to correct this issue.

References (7)

Core 7
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-376349 | radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free
https://vuldb.com/vuln/376349
Signature, Permissions Required signature permissions-required
VDB-376349 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/376349/cti
Third Party Advisory third-party-advisory
CVE-2026-14760 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14760
Third Party Advisory third-party-advisory
Submit #850384 | radareorg radare2 6.1.6 Use After Free
https://vuldb.com/submit/850384
Exploit exploit issue-tracking
https://github.com/radareorg/radare2/issues/26044

Scores

CVSS v3 3.3
EPSS 0.0014
EPSS Percentile 3.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-119 CWE-416
Status published
Products (8)
radare/radare2 < 6.1.8
radareorg/radare2 6.1.0
radareorg/radare2 6.1.1
radareorg/radare2 6.1.2
radareorg/radare2 6.1.3
radareorg/radare2 6.1.4
radareorg/radare2 6.1.5
radareorg/radare2 6.1.6
Published Jul 05, 2026
Tracked Since Jul 05, 2026