Heap Overflow Vulnerability in Rizin Command-Line Toolset
CVE-2026-22780

4.4MEDIUM

Key Information:

Vendor

Rizinorg

Status
Rizin
Vendor
CVE Published:
2 February 2026

What is CVE-2026-22780?

Rizin, a UNIX-like reverse engineering framework, is vulnerable to a heap overflow when processing malicious mach0 files with incorrect dyld chained segment entries. This exploit can potentially allow unauthorized access or manipulation of the tool's memory. The issue has been resolved in Rizin version 0.8.2, following a series of security advisories and community discussions. The vulnerability emphasizes the importance of keeping reverse engineering tools up to date to mitigate the risks associated with malicious file parsing.

Affected Version(s)

rizin < 0.8.2

References

https://github.com/rizinorg/rizin/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/rizinorg/rizin/issues/5768
x_refsource_MISC
https://github.com/rizinorg/rizin/pull/5770
x_refsource_MISC

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.