CVE-2026-40527
Analyzed Analyzed - Analysis Complete
Command Injection in radare2 ELF DWARF Parameter Handling

Publication date: 2026-04-17

Last updated on: 2026-06-05

Assigner: VulnCheck

Description
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute when radare2 analyzes the binary with aaa and subsequently runs afsvj, allowing arbitrary shell command execution through the unsanitized parameter interpolation in the pfq command string.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-06-05
Generated
2026-06-16
AI Q&A
2026-04-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40527
EUVD
EUVD-2026-23534
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
radare radare2 to 6.1.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in radare2 versions prior to commit bc5a890 and involves command injection through the afsv/afsvj command path.

Attackers can craft malicious ELF binaries that embed harmful radare2 command sequences within DWARF debugging information, specifically in the DW_TAG_formal_parameter names.

When radare2 analyzes such a crafted binary using the 'aaa' command and subsequently runs 'afsvj', these embedded shell commands get executed due to unsanitized parameter interpolation in the 'pfq' command string.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary shell commands on the system running radare2 when analyzing a maliciously crafted ELF binary.

Such arbitrary command execution can lead to full compromise of confidentiality, integrity, and availability of the affected system.

Compliance Impact

The vulnerability allows arbitrary shell command execution through crafted ELF binaries analyzed by radare2, potentially leading to unauthorized access, data manipulation, or system compromise.

Such unauthorized access and potential data breaches could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure system operations.

However, specific impacts on compliance depend on the environment in which radare2 is used and the nature of the data processed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40527. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart