High severity7.5NVD Advisory· Published May 15, 2026· Updated May 18, 2026
CVE-2026-8695
CVE-2026-8695
Description
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote debugging to cause a denial of service or potentially achieve code execution by manipulating thread list processing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4Patches
Vulnerability mechanics
References
4- github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683cnvdPatch
- github.com/radareorg/radare2/issues/25835nvdExploitIssue Tracking
- github.com/radareorg/radare2/issues/25836nvdExploitIssue Tracking
- www.vulncheck.com/advisories/radare2-use-after-free-via-gdbr-threads-listnvdThird Party Advisory
News mentions
0No linked articles in our index yet.