A vulnerability, which was classified as problematic, has been found in radareorg radare2 up to 6.1.6. The affected element is the function
r_str_ndup/r_str_append of the file libr/util/str.c. The manipulation leads to integer overflow.
This vulnerability is traded as CVE-2026-14761. An attack has to be approached locally. Furthermore, there is an exploit available.
Applying a patch is the recommended action to fix this issue.