Platform: c
Component: radare2
Fixed in: 6.1.4
CVE-2026-40499 is a command injection vulnerability in radare2. The vulnerability is in the PDB parser's print_gvars() function and allows arbitrary commands to be executed by placing a newline byte in the PE section header name. Malicious PDB files with specially crafted section names can inject r2 commands, which are then executed. The vulnerability affects radare2 versions up to and including 5590c87deeb7eb2a106fd7aab9ca88bfeebb7397.
CVE-2026-40499 in radare2, affecting versions prior to 6.1.4, presents a significant risk due to command injection. The PDB parser, specifically the print_gvars() function, is vulnerable if malicious PDB files are processed. An attacker can inject arbitrary commands into the operating system by embedding a newline byte within a section header name field in the PDB file. When the idp command processes this file, the injected commands are executed, potentially allowing unauthorized code execution, data theft, or system modification. The severity of this vulnerability depends on the context in which radare2 is used and the privileges of the user executing it.
Exploitation of CVE-2026-40499 requires an attacker who can create or modify malicious PDB files. These files contain carefully crafted section names that include newline bytes, enabling command injection. The attacker must ensure that the malicious PDB file is processed through radare2's idp command. This could be achieved by tricking a user into opening the file or by including the file in an automated environment where radare2 is used for file analysis. The effectiveness of the attack depends on the system configuration and the permissions of the user executing radare2.
Exploit Status
EPSS: 0.17% (38th percentile)
CISA SSVC
The primary mitigation for CVE-2026-40499 is to update radare2 to version 6.1.4 or later. This version includes a fix addressing the command injection vulnerability in the PDB parser. Additionally, exercise caution when processing PDB files from untrusted sources. Input validation and using a runtime environment with limited privileges can help reduce the potential impact of a successful attack. Monitoring system logs for unusual activity can also aid in detecting and responding to potential exploits.
Update to version 6.1.4 or later to mitigate the command injection vulnerability. This update fixes the issue by correctly validating section names in the PDB parser, preventing the execution of arbitrary commands.
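The kind of section-name validation described above, as an added example (not radare2's actual patch and not code from this page): it treats the 8-byte PE section header name as untrusted, copies it through a conservative allow-list, and reports how many bytes had to be replaced. The function names, the allow-list and the sample inputs are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* PE/COFF section header Name field: 8 bytes, NUL-padded,
 * and not NUL-terminated when the name uses all 8 bytes. */
#define SECTION_NAME_LEN 8

/* Conservative allow-list chosen for this example:
 * ASCII letters, digits, '.' and '_'. Newlines, other control bytes,
 * spaces and punctuation are all rejected. */
static int name_byte_allowed(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '_';
}

/* Copy the raw name into out (at least SECTION_NAME_LEN + 1 bytes) as a
 * NUL-terminated string, replacing every disallowed byte with '_'.
 * Returns the number of bytes replaced; nonzero means the name should be
 * treated as suspicious before it reaches any generated command text. */
size_t sanitize_section_name(const unsigned char *raw, char *out) {
    size_t i, replaced = 0;
    for (i = 0; i < SECTION_NAME_LEN && raw[i] != '\0'; i++) {
        if (name_byte_allowed(raw[i])) {
            out[i] = (char)raw[i];
        } else {
            out[i] = '_';
            replaced++;
        }
    }
    out[i] = '\0';
    return replaced;
}

int main(void) {
    /* Constructed sample names: padded, full-width, and one with a newline. */
    const unsigned char ok[SECTION_NAME_LEN]   = {'.','t','e','x','t',0,0,0};
    const unsigned char full[SECTION_NAME_LEN] = {'.','t','e','x','t','b','s','s'};
    const unsigned char bad[SECTION_NAME_LEN]  = {'.','a','b','\n','c','d',0,0};
    const unsigned char *samples[] = { ok, full, bad };
    char safe[SECTION_NAME_LEN + 1];

    for (size_t k = 0; k < 3; k++) {
        size_t n = sanitize_section_name(samples[k], safe);
        printf("%-8s replaced=%zu%s\n", safe, n,
               n ? "  <- flag this PDB for review" : "");
    }
    return 0;
}
```

A nonzero return value is also a cheap triage signal for PDB files from untrusted sources, since ordinary section names do not contain control bytes.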
A PDB (Program Database) file is a debugging file used by Microsoft Windows to store information about programs, such as symbols, function names, and source code lines. It’s used for debugging and analyzing programs.
Run radare2 --version. If the version is prior to 6.1.4, you are vulnerable. Update to the latest available version.
Currently, there are no specific tools to detect malicious PDB files designed to exploit this vulnerability. Caution and source validation of PDB files are recommended.
Command injection is a type of security vulnerability that allows an attacker to execute arbitrary commands on an operating system by inserting malicious commands into an input that is interpreted as a command.
Isolate the affected system, update radare2 to the latest version, and perform a forensic analysis to determine the scope of the compromise.