PatchSiren

radareorg CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW radareorg CVE published 2026-07-05

CVE-2026-14760

A use after free vulnerability was identified in radare2, a reverse engineering framework, in the regprofile handler. The vulnerability exists in the r_core_seek_arch_bits function of the libr/core/disasm.c file. Local access is required to exploit this vulnerability. The attack requires specific conditions to be met, and a patch has been made available to correct this issue. Users of radare2 should be aw [truncated]

LOW radareorg CVE published 2026-07-05

CVE-2026-14757

CVE-2026-14757 is an integer overflow vulnerability in Radare2 up to 6.1.6. The vulnerability affects the core_anal_bytes function in libr/core/cmd_anal.inc and requires local access to be exploited. This issue allows local attackers to potentially exploit the vulnerability. The CVE record was published on 2026-07-05T15:16:56.810Z and was last modified on 2026-07-07T22:46:20.453Z. Users of Radare2 up to v [truncated]