CVE-2026-40527 | radareorg radare2 ELF DW_TAG_formal_parameter os command injection

Inserito da Angelo Barbosa | Apr 17, 2026 | CVE

A vulnerability has been found in radareorg radare2 and classified as critical. Affected is the function DW_TAG_formal_parameter of the component ELF Handler. Performing a manipulation results in os command injection.

This vulnerability is reported as CVE-2026-40527. The attack requires a local approach. No exploit exists.

It is suggested to install a patch to address this issue.

CVE-2026-40527 | radareorg radare2 ELF DW_TAG_formal_parameter os command injection

Post correlati

CVE-2024-5848 | WSO2 API Manager/Open Banking AM Service Endpoint cross site scripting

CVE-2023-36629 | ST ST54-android-packages-apps-Nfc prior 130-20230215-23W07p0 on Android out-of-bounds

CVE-2024-41677 | QwikDev qwik up to 1.5.x cross site scripting (GHSA-2rwj-7xq8-4gx4)

CVE-2024-29171 | Dell BSAFE SSL-J up to 7.2.1 certificate validation (dsa-2024-221)