CVE-2026-14757
Severity CVSS v4.0:
LOW
Type:
CWE-189
Numeric Errors
Publication date:
05/07/2026
Last modified:
07/07/2026
Description
A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function core_anal_bytes of the file libr/core/cmd_anal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is suggested to install a patch to address this issue.
Impact
Base Score 4.0
1.90
Severity 4.0
LOW
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:* | 6.1.0 (including) | 6.1.8 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



