Scaner-VSvulnerability catalog · v4.2

Home Catalog Sources CWE CAPEC ATT&CK Mitigations Products Vendors Docs

← Back to List

Radare›Applicationnvd

Radare2 Mcp Server

Vulnerabilities

1

Known exploited

0

Max CVSS

9.3

Top EPSS

0.0192

Severity breakdown

Critical

1

High

0

Medium

0

Low

0

Affected version ranges

< 1.7.0

Also matched as (raw): radare2_mcp_server

Top vulnerabilities

CVE-2026-6942radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject shell metacharacters through the jsonrpc interface parameters to achieve remote code execution on the host running radare2-mcp without requiring authentication.

View vendor →Open in catalog with product filter →