Path Traversal Vulnerability in radare2 Affects Project Notes Handling
CVE-2026-6941

6.9MEDIUM

Key Information:

Vendor: Radareorg
Status: Radare2
Vendor: CVE Published:; 23 April 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-6941?

radare2, prior to version 6.1.4, is susceptible to a path traversal vulnerability affecting its project notes handling feature. By exploiting a crafted .zrp archive containing a symlinked notes.txt file, an attacker can circumvent directory confinement measures. This can lead to unauthorized file read or write operations outside the designated project directory, potentially exposing sensitive data and system files. Properly configured systems should ensure updates are applied to mitigate this security risk.

Affected Version(s)

radare2 0 < 6.1.4

radare2 0 < 4bcdee725ff0754ed721a98789c0af371c5f32a4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-6941 - Proof of Concept

References

https://github.com/radareorg/radare2/pull/25831

technical-descriptionexploit

https://github.com/radareorg/radare2/commit/4bcdee725ff07...

issue-tracking

https://www.vulncheck.com/advisories/radare2-project-note...

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 23, 2026
👾
Exploit known to exist
Apr 23, 2026
Vulnerability published
Apr 23, 2026
Vulnerability Reserved
Apr 23, 2026

Credit

Chia Min Jun Lennon

CVE-2026-6941 Data

JSON

Radareorg