CVE-2026-26201
Received Received - Intake
Concurrent Map Access Crash in emp3r0r C2 Causes Availability Loss

Publication date: 2026-02-19

Last updated on: 2026-02-26

Assigner: GitHub, Inc.

Description
emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger `fatal error: concurrent map read and map write`, causing C2 process crash (availability loss). Version 3.21.2 fixes this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-14
NVD
CVE-2026-26201
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jm33-m0 emp3r0r to 3.21.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
CWE-663 The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in emp3r0r, a command and control (C2) software designed for Linux environments. Prior to version 3.21.2, the software accesses multiple shared maps without proper synchronization across goroutines. This lack of synchronization can cause the Go runtime to trigger a fatal error due to concurrent map read and write operations, which leads to the crash of the C2 process.

Impact Analysis

This vulnerability can cause the emp3r0r C2 process to crash unexpectedly under concurrent activity. The crash results in a loss of availability of the C2 service, potentially disrupting operations that rely on this software.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, upgrade emp3r0r to version 3.21.2 or later, where the issue with concurrent map access causing process crashes has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26201. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart