PatchSiren cyber security CVE debrief
CVE-2026-14757 radareorg CVE debrief
CVE-2026-14757 is an integer overflow vulnerability in Radare2 up to 6.1.6. The vulnerability affects the core_anal_bytes function in libr/core/cmd_anal.inc and requires local access to be exploited. This issue allows local attackers to potentially exploit the vulnerability. The CVE record was published on 2026-07-05T15:16:56.810Z and was last modified on 2026-07-07T22:46:20.453Z. Users of Radare2 up to version 6.1.6 should be aware of this vulnerability and take steps to mitigate it.
- Vendor
- radareorg
- Product
- radare2
- CVSS
- LOW 1.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-05
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-05
- Advisory updated
- 2026-07-07
Who should care
Users of Radare2 up to version 6.1.6 should be aware of this vulnerability and take steps to mitigate it. The vulnerability has been publicly disclosed and may be utilized by attackers. Security teams and vulnerability management teams should review the vulnerability and plan for mitigation.
Technical summary
The vulnerability is caused by an integer overflow in the core_anal_bytes function of Radare2, located in libr/core/cmd_anal.inc. This issue allows local attackers to potentially exploit the vulnerability. The CVE record was published on 2026-07-05T15:16:56.810Z and was last modified on 2026-07-07T22:46:20.453Z. The vulnerability has been publicly disclosed and may be utilized by attackers. Users of Radare2 up to version 6.1.6 should be aware of this vulnerability and take steps to mitigate it by applying patches or updating to a version beyond 6.1.6. Security teams should review the vulnerability and plan for mitigation, and monitor for potential exploitation attempts.
Defensive priority
Low priority due to local attack requirement and low CVSS score of 1.9. However, users of Radare2 up to version 6.1.6 should still take steps to mitigate the vulnerability.
Recommended defensive actions
- Apply the patch to address the integer overflow vulnerability in Radare2.
- Update Radare2 to a version beyond 6.1.6.
- Monitor for and track any potential exploitation attempts.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE and NVD records provide limited information about the vulnerability. Further analysis and verification are needed to fully understand the impact and potential mitigations. Evidence is based on official CVE and NVD records with limited additional detail. The vulnerability affects the core_anal_bytes function in libr/core/cmd_anal.inc and requires local access to be exploited. No additional information is available from other sources.
Official resources
-
CVE-2026-14757 CVE record
CVE.org
-
CVE-2026-14757 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Product
-
Source reference
[email protected] - Exploit, Issue Tracking
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Source reference
[email protected] - Permissions Required, VDB Entry
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-05T15:16:56.810Z and has not been modified since then.