Vulnerability Description
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Radare | Radare2 | <= 6.1.4 |
Related Weaknesses (CWE)
References
- https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1Patch
- https://github.com/radareorg/radare2/issues/25836ExploitIssue Tracking
- https://www.vulncheck.com/advisories/radare2-use-after-free-via-gdbr-pids-listThird Party Advisory
- https://github.com/radareorg/radare2/issues/25836ExploitIssue Tracking
FAQ
What is CVE-2026-8696?
CVE-2026-8696 is a vulnerability with a CVSS score of 7.5 (HIGH). radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbit...
How severe is CVE-2026-8696?
CVE-2026-8696 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-8696?
Check the references section above for vendor advisories and patch information. Affected products include: Radare Radare2.