Description
radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject shell metacharacters through the jsonrpc interface parameters to achieve remote code execution on the host running radare2-mcp without requiring authentication.
Published: 2026-04-23
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an attacker to inject arbitrary shell metacharacters into JSON-RPC parameters, which the radare2-mcp engine passes to the r2_cmd_str() function without proper sanitization. This results in execution of any shell command the attacker specifies, giving remote code execution on the host machine. The attack does not require prior authentication and is performed entirely through the network interface exposed by radare2-mcp.

Affected Systems

The affected product is radareorg radare2, version 1.6.0 and earlier. Any deployment of radare2-mcp using these versions is susceptible to the described injection flaw.

Risk and Exploitability

The vulnerability has a CVSS score of 9.3, indicating high severity, but the EPSS score is below 1%, which suggests a low current likelihood of exploitation. It is not listed in CISA’s KEV catalog. The attacker can launch this attack remotely by sending crafted JSON-RPC requests to the vulnerable service, and achieving remote code execution without needing authentication.

Generated by OpenCVE AI on April 28, 2026 at 14:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade radare2-mcp to a version newer than 1.6.0, which removes the insecure command‑filter bypass.
  • If an upgrade is not immediately possible, limit exposure of the JSON‑RPC interface by firewall rules or by binding it to localhost only, ensuring that only trusted hosts can connect.
  • Disable or restrict the use of the r2_cmd_str() function in user‑supplied scripts or configuration files and audit the application for unintended command execution.

Generated by OpenCVE AI on April 28, 2026 at 14:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78

Tue, 28 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Radare
Radare radare2
Vendors & Products Radare
Radare radare2

Fri, 24 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78

Fri, 24 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Description radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject shell metacharacters through the jsonrpc interface parameters to achieve remote code execution on the host running radare2-mcp without requiring authentication.
Title radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Radare Radare2
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-29T19:16:22.824Z

Reserved: 2026-04-23T20:52:12.685Z

Link: CVE-2026-6942

cve-icon Vulnrichment

Updated: 2026-04-24T11:07:57.359Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-23T21:16:06.947

Modified: 2026-04-29T20:16:31.187

Link: CVE-2026-6942

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T14:45:16Z

Weaknesses