CVE-2026-40517 - radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names
CVE ID :CVE-2026-40517 Published : April 22, 2026, 10:16 p.m. | 1 hour, 24 minutes ago Description :radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] AI hacking fears rise as South Korea warns of new cyber threat
- [CYBER] CVE-2026-41211 - `vite-plus/binding` has path traversal `downloadPackageManager()` that leads to writes outside of `VP_HOME`
- [CYBER] CVE-2026-5752 — Cohere AI's Terrarium sandbox (used to run LLM-generated code) has a CVSS 9.3 prototype chain escape to root. No patch. Worth discussing the AI infrastructure threat model.
- [CYBER] Tool recommendations for vuln/CVE research
- [CYBER] CVE-2026-41208 - Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution
- [CYBER] CVE-2026-41206 - PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code