CVE-2026-6942 | radareorg radare2 up to 1.5.x Jsonrpc Interface r2_cmd_str os command injection (Issue 45)

Inserito da Angelo Barbosa | Apr 23, 2026 | CVE

A vulnerability classified as critical was found in radareorg radare2 up to 1.5.x. Affected is the function r2_cmd_str of the component Jsonrpc Interface. The manipulation results in os command injection.

This vulnerability is identified as CVE-2026-6942. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-6942 | radareorg radare2 up to 1.5.x Jsonrpc Interface r2_cmd_str os command injection (Issue 45)

Post correlati

CVE-2024-3716 | Red Hat Satellite 6 foreman-installer password information disclosure

CVE-2024-55213 | dhtmlxFileExplorer 8.4.6 File Listing path traversal

CVE-2024-52925 | OPSWAT MetaDefender Kiosk up to 4.6.x code injection

CVE-2024-38827 | VMware Spring Security up to 6.3.4 Authorization Rule String.toLowerCase/String.toUpperCase authorization