CVE-2026-14760 (GCVE-0-2026-14760)
Vulnerability from cvelistv5 – Published: 2026-07-05 15:30 – Updated: 2026-07-06 15:40 X_Open Source
VLAI
EPSS
VEX
Title
radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free
Summary
A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to implement a patch to correct this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376349 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376349/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14760 | third-party-advisory |
| https://vuldb.com/submit/850384 | third-party-advisory |
| https://github.com/radareorg/radare2/issues/26044 | exploitissue-tracking |
| https://github.com/radareorg/radare2/commit/8b25c… | patch |
| https://github.com/radareorg/radare2/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14760",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T15:40:53.795645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T15:40:58.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/850384"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:radareorg:radare2:*:*:*:*:*:*:*:*"
],
"modules": [
"regprofile Handler"
],
"product": "radare2",
"vendor": "radareorg",
"versions": [
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.4"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kery Qi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to implement a patch to correct this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T15:30:08.954Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376349 | radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376349"
},
{
"name": "VDB-376349 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376349/cti"
},
{
"name": "CVE-2026-14760 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14760"
},
{
"name": "Submit #850384 | radareorg radare2 6.1.6 Use After Free",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/850384"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/radareorg/radare2/issues/26044"
},
{
"tags": [
"patch"
],
"url": "https://github.com/radareorg/radare2/commit/8b25c773785d85cb0103410a0905089d286921c2"
},
{
"tags": [
"product"
],
"url": "https://github.com/radareorg/radare2/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T18:24:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14760",
"datePublished": "2026-07-05T15:30:08.954Z",
"dateReserved": "2026-07-04T16:19:36.825Z",
"dateUpdated": "2026-07-06T15:40:58.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-14760",
"date": "2026-07-09",
"epss": "0.00135",
"percentile": "0.03319"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-14760\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2026-07-05T16:19:44.740\",\"lastModified\":\"2026-07-09T15:47:37.090\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to implement a patch to correct this issue.\"}],\"affected\":[{\"source\":\"cna@vuldb.com\",\"affectedData\":[{\"vendor\":\"radareorg\",\"product\":\"radare2\",\"cpes\":[\"cpe:2.3:a:radareorg:radare2:*:*:*:*:*:*:*:*\"],\"modules\":[\"regprofile Handler\"],\"versions\":[{\"version\":\"6.1.0\",\"status\":\"affected\"},{\"version\":\"6.1.1\",\"status\":\"affected\"},{\"version\":\"6.1.2\",\"status\":\"affected\"},{\"version\":\"6.1.3\",\"status\":\"affected\"},{\"version\":\"6.1.4\",\"status\":\"affected\"},{\"version\":\"6.1.5\",\"status\":\"affected\"},{\"version\":\"6.1.6\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":1.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":1.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.1,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-06T15:40:53.795645Z\",\"id\":\"CVE-2026-14760\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndExcluding\":\"6.1.8\",\"matchCriteriaId\":\"CF1DC775-F4C0-46BB-A813-5CD84451418C\"}]}]}],\"references\":[{\"url\":\"https://github.com/radareorg/radare2/\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/radareorg/radare2/commit/8b25c773785d85cb0103410a0905089d286921c2\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/radareorg/radare2/issues/26044\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://vuldb.com/cve/CVE-2026-14760\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/submit/850384\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/vuln/376349\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/vuln/376349/cti\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/submit/850384\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-14760\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-06T15:40:53.795645Z\"}}}], \"references\": [{\"url\": \"https://vuldb.com/submit/850384\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-06T15:40:28.726Z\"}}], \"cna\": {\"tags\": [\"x_open-source\"], \"title\": \"radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Kery Qi (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 1.7, \"vectorString\": \"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:radareorg:radare2:*:*:*:*:*:*:*:*\"], \"vendor\": \"radareorg\", \"modules\": [\"regprofile Handler\"], \"product\": \"radare2\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1.0\"}, {\"status\": \"affected\", \"version\": \"6.1.1\"}, {\"status\": \"affected\", \"version\": \"6.1.2\"}, {\"status\": \"affected\", \"version\": \"6.1.3\"}, {\"status\": \"affected\", \"version\": \"6.1.4\"}, {\"status\": \"affected\", \"version\": \"6.1.5\"}, {\"status\": \"affected\", \"version\": \"6.1.6\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-07-04T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2026-07-04T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2026-07-04T18:24:53.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/vuln/376349\", \"name\": \"VDB-376349 | radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/vuln/376349/cti\", \"name\": \"VDB-376349 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/cve/CVE-2026-14760\", \"name\": \"CVE-2026-14760 | CVE Analysis and Report\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://vuldb.com/submit/850384\", \"name\": \"Submit #850384 | radareorg radare2 6.1.6 Use After Free\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/radareorg/radare2/issues/26044\", \"tags\": [\"exploit\", \"issue-tracking\"]}, {\"url\": \"https://github.com/radareorg/radare2/commit/8b25c773785d85cb0103410a0905089d286921c2\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/radareorg/radare2/\", \"tags\": [\"product\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to implement a patch to correct this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"Use After Free\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"Memory Corruption\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-07-05T15:30:08.954Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-14760\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-06T15:40:58.650Z\", \"dateReserved\": \"2026-07-04T16:19:36.825Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2026-07-05T15:30:08.954Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…