High severity7.5NVD Advisory· Published May 15, 2026· Updated May 15, 2026

CVE-2026-8695

Description

radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote debugging to cause a denial of service or potentially achieve code execution by manipulating thread list processing.

Affected products

Radareorg/Radare2references

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683cnvd
github.com/radareorg/radare2/issues/25835nvd
github.com/radareorg/radare2/issues/25836nvd
www.vulncheck.com/advisories/radare2-use-after-free-via-gdbr-threads-listnvd

News mentions

A Deep Dive Into Attempted Exploitation of CVE-2023-33538
Unit 42 · Apr 16, 2026

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000