CVE-2026-40527
Received Received - Intake
Command Injection in radare2 ELF DWARF Parameter Handling

Publication date: 2026-04-17

Last updated on: 2026-04-17

Assigner: VulnCheck

Description
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute when radare2 analyzes the binary with aaa and subsequently runs afsvj, allowing arbitrary shell command execution through the unsanitized parameter interpolation in the pfq command string.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-17
Generated
2026-05-07
AI Q&A
2026-04-18
EPSS Evaluated
2026-05-05
NVD
CVE-2026-40527
EUVD
EUVD-2026-23534
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
radare2 radare2 to bc5a890 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in radare2 versions prior to commit bc5a890 and involves command injection through the afsv/afsvj command path.

Attackers can craft malicious ELF binaries that embed harmful radare2 command sequences within DWARF debugging information, specifically in the DW_TAG_formal_parameter names.

When radare2 analyzes such a crafted binary using the 'aaa' command and subsequently runs 'afsvj', these embedded shell commands get executed due to unsanitized parameter interpolation in the 'pfq' command string.


How can this vulnerability impact me? :

This vulnerability allows an attacker to execute arbitrary shell commands on the system running radare2 when analyzing a maliciously crafted ELF binary.

Such arbitrary command execution can lead to full compromise of confidentiality, integrity, and availability of the affected system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows arbitrary shell command execution through crafted ELF binaries analyzed by radare2, potentially leading to unauthorized access, data manipulation, or system compromise.

Such unauthorized access and potential data breaches could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure system operations.

However, specific impacts on compliance depend on the environment in which radare2 is used and the nature of the data processed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart