CVE-2026-40527
⚠️ highSummary
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute when radare2 analyzes the binary with aaa and subsequently runs afsvj, allowing arbitrary shell command execution through the unsanitized parameter interpolation in the pfq command string.
CVSS Score
7.8
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-04-17
First Seen: 2026-04-20
📊 Relative Risk Intelligence
This CVE is Moderate Risk - more severe than 69.6% of all 329,456 vulnerabilities in our database.
#100,230
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Apr 20, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
🏆 Discovered By
Shota Zaizen
SSVC data provided by
CISA
Last Modified
2026-06-05
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Vector 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)