lowCVE-2026-14787

CVE-2026-14787 radare2 vulnerability

A weakness has been identified in radareorg radare2 up to 6.1.6. Affected is the function cmd_print in the library libr/core/cmd_print.inc of the component pb Print Command Handler. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: 2b6265476c75567006b0fcbb749f4ae7b189c5df. It is recommended to apply a patch to fix this issue.

Productradare2
CVSS1.9
EPSSNot scored yet
UpdatedJuly 13, 2026

Quick answer

radare2 should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Review vendor advisory for affected versions.

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

CVE-2026-14787 affects radare2 when analyzing crafted local files or inputs. Install a build containing patch 2b6265476c75 or a later upstream release, ensure the referenced patch 2b6265476c75 is present, and sandbox any workflow that processes untrusted binaries. Affected ranges in the local record are 6.1.0 through 6.1.6.

  1. Inventory developer workstations, CI jobs, malware-analysis workers, upload pipelines, and services that invoke radare2 or link against radare2 libraries.
  2. Identify any workflow that analyzes files supplied by users, customers, scanners, malware feeds, crash reproducers, or automated test corpora.
  3. Upgrade radare2 to a build containing patch 2b6265476c75 or a later upstream release, or rebuild from upstream with the referenced security patch applied.
  4. Rebuild dependent tools and containers so they use the patched radare2 binary and libraries rather than an older system package.
  5. Run radare2 analysis in a sandbox with low privileges, resource limits, no sensitive filesystem access, and no production credentials.
  6. Temporarily block or quarantine untrusted file analysis until patched workers are deployed everywhere.
  7. Review crash reports and analysis logs for segmentation faults, heap corruption, integer overflows, use-after-free symptoms, or repeated crafted samples tied to CVE-2026-14787.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm radare2 version and package metadata show a build containing patch 2b6265476c75 or a later upstream release, or verify the relevant patch commit is included in the deployed build.
  • Run the affected parser or command path against known regression samples and confirm the process does not crash or corrupt memory.
  • Check CI and container images to ensure no older radare2 binary remains earlier in PATH or linked by dependent tools.
  • Open the generated Fixnx page and confirm the canonical URL ends with radare2-cve-2026-14787.
  • Re-run sitemap validation and confirm radare2-cve-2026-14787 appears once in sitemap.xml with the full CVE-2026-14787 suffix.

Trusted references

FAQ

What is affected by CVE-2026-14787?

radare2 should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

How are Fixnx security risk categories chosen?

Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.