Description
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote debugging to cause a denial of service or potentially achieve code execution by manipulating thread list processing.
Published: 2026-05-15
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw exists in radare2 6.1.5’s gdbr_threads_list() routine. The bug is triggered when a GDB client sends a valid qfThreadInfo response followed by a malformed qsThreadInfo reply, causing memory corruption that can lead to denial of service or, if carefully crafted, to arbitrary code execution.

Affected Systems

The vulnerability affects the radare2 project, specifically the radare2 executable running version 6.1.5. No other versions are listed as affected in the advisory.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity assessment. EPSS data is not available, and the flaw is not listed in CISA KEV, but that does not reduce the risk. Remote exploitation is possible through the GDB remote debugging interface; an attacker who can reach the debug port on a machine running the vulnerable radare2 binary can trigger the flaw by sending the appropriate GDB protocol packets, potentially crashing the service or achieving code execution.

Generated by OpenCVE AI on May 15, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patched radare2 release that incorporates commit c213ad6894a1eb9086ac8bf5fae35757e9e1683c, which removes the use‑after‑free bug.
  • If upgrading immediately is not possible, restrict network access to the GDB remote debugging socket or port so that only trusted hosts can connect, preventing attackers from sending malicious GDB packets.
  • If the GDB remote debugging feature is not required, disable it entirely to eliminate the attack surface altogether.

Generated by OpenCVE AI on May 15, 2026 at 18:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 18:00:00 +0000

Type Values Removed Values Added
References

Fri, 15 May 2026 17:15:00 +0000

Type Values Removed Values Added
Description radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote debugging to cause a denial of service or potentially achieve code execution by manipulating thread list processing.
Title radare2 6.1.5 Use-After-Free via gdbr_threads_list()
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-15T17:34:27.374Z

Reserved: 2026-05-15T16:29:36.845Z

Link: CVE-2026-8695

cve-icon Vulnrichment

Updated: 2026-05-15T17:32:15.937Z

cve-icon NVD

Status : Received

Published: 2026-05-15T17:16:49.447

Modified: 2026-05-15T18:16:26.160

Link: CVE-2026-8695

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T19:00:07Z

Weaknesses