CVE-2026-26201
Received Received - Intake
Concurrent Map Access Crash in emp3r0r C2 Causes Availability Loss

Publication date: 2026-02-19

Last updated on: 2026-02-26

Assigner: GitHub, Inc.

Description
emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger `fatal error: concurrent map read and map write`, causing C2 process crash (availability loss). Version 3.21.2 fixes this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-26
Generated
2026-05-27
AI Q&A
2026-02-19
EPSS Evaluated
2026-05-25
NVD
CVE-2026-26201
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jm33-m0 emp3r0r to 3.21.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
CWE-663 The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in emp3r0r, a command and control (C2) software designed for Linux environments. Prior to version 3.21.2, the software accesses multiple shared maps without proper synchronization across goroutines. This lack of synchronization can cause the Go runtime to trigger a fatal error due to concurrent map read and write operations, which leads to the crash of the C2 process.


How can this vulnerability impact me? :

This vulnerability can cause the emp3r0r C2 process to crash unexpectedly under concurrent activity. The crash results in a loss of availability of the C2 service, potentially disrupting operations that rely on this software.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade emp3r0r to version 3.21.2 or later, where the issue with concurrent map access causing process crashes has been fixed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart