External risk intelligence

Radare2-mcp allows attackers to run any command on your system.

CVE advisory

Severity: CRITICAL (CVSS 9.3)

CVE-2026-6942

An external attacker can exploit a flaw in radare2-mcp to remotely execute unauthorized commands on your system. This could allow them to gain full control of the host, leading to potential data theft or further compromise of your network.

Halo Surface Signal: 2

Weakness: OS Command Injection

Product: Radare2 Mcp Server

Affected versions: before 1.7.0

External exposure likelihood

Halo Surface Signal score for CVE-2026-6942

The product is a developer-focused bridge tool designed to integrate local analysis software with LLM interfaces. It is typically deployed within local or isolated environments for development and research. While the service provides a JSON-RPC interface that could be reachable over a network, it is not intended for public internet exposure, and such a configuration is non-standard.

Horizon Alert

Summary of the vulnerability and why it matters

An OS command injection vulnerability in radare2-mcp allows attackers to execute arbitrary commands on the host. This is possible by sending specially crafted input through the JSON-RPC interface, bypassing filters and enabling remote code execution without authentication.

  • Remote execution is possible.
  • Requires no authentication.
  • Affects radare2-mcp versions 1.6.0 and earlier.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending specially crafted JSON-RPC requests to the `radare2-mcp` service. By injecting shell metacharacters into user-controlled input passed to the `r2_cmd_str()` function, attackers can bypass filters and execute arbitrary commands on the host system. This attack does not require any authentication and can be performed remotely.

  • Unauthenticated network access required.
  • Targets JSON-RPC interface parameters.
  • Shell metacharacter bypass is the key.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in radare2-mcp presents a critical risk due to its unauthenticated remote command injection capabilities. Attackers are likely to target this flaw because it allows for direct code execution without requiring any prior access or interaction from the user, making it highly attractive for widespread exploitation. The bypass of command filters via shell metacharacters is a well-understood technique for achieving such intrusions.

  • No evidence of active exploitation.
  • Public exploit code is not yet observed.
  • The vulnerability is recently disclosed.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize immediate patching of radare2-mcp for CVE-2026-6942, as it allows unauthenticated remote command execution. If patching is delayed, isolate affected services and monitor for suspicious network activity.

  • Patch radare2-mcp to a fixed version.
  • Isolate affected services from the network.
  • Monitor for shell metacharacter usage.
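One way to act on the third bullet, as an added example that is not part of this advisory or of the radare2-mcp project: it walks the `params` of JSON-RPC request records (assumed to be logged one JSON object per line; the sample records, tool and argument names below are constructed) and returns a finding for every string parameter that carries a shell metacharacter.

```python
import json
import re
from typing import Any, Iterator

# Characters that terminate, chain or substitute a command once a string reaches a
# shell; a plain path such as "/tmp/sample.bin" contains none of them.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\\]")

def _strings(node: Any, path: str = "params") -> Iterator[tuple[str, str]]:
    """Yield (json_path, value) for every string nested under a params node."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from _strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _strings(value, f"{path}[{index}]")

def flag_request(line: str) -> list[dict[str, str]]:
    """Return one finding per string parameter that carries a shell metacharacter."""
    try:
        request = json.loads(line)
    except json.JSONDecodeError:
        return []  # not a JSON-RPC record; leave it to the generic log pipeline
    if not isinstance(request, dict) or "params" not in request:
        return []
    findings = []
    for path, value in _strings(request["params"]):
        hit = SHELL_META.search(value)
        if hit:
            findings.append({"id": str(request.get("id", "")), "method": str(request.get("method", "")),
                             "path": path, "metachar": hit.group(0), "value": value})
    return findings

def scan_log(lines: list[str]) -> list[dict[str, str]]:
    """Scan request records logged one JSON object per line."""
    return [finding for line in lines for finding in flag_request(line)]

# Constructed sample records (tool and argument names are made up for this example,
# not taken from radare2-mcp): only the second chains a command after the file path.
SAMPLE_LOG = [
    '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"analyze","arguments":{"file":"/tmp/sample.bin"}}}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"analyze","arguments":{"file":"/tmp/sample.bin; id"}}}',
    '{"jsonrpc":"2.0","id":3,"method":"tools/list","params":{}}',
]
```

Legitimate inputs may contain some of these characters, so treat hits as triage candidates and tune the character set to the parameter shapes your deployment actually expects.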

Frequently asked questions

What is radare2-mcp and what is it used for?

Radare2-mcp is a bridge tool that integrates the radare2 reverse engineering framework with large language model (LLM) interfaces. It's typically used by developers and security researchers for local analysis and development tasks.

What kind of vulnerability is CVE-2026-6942 in radare2-mcp?

CVE-2026-6942 is an OS command injection vulnerability. This means an attacker can trick the software into running arbitrary operating system commands on the host machine by sending specially crafted input.

How could an attacker exploit CVE-2026-6942 in radare2-mcp?

An attacker could exploit this by sending malicious commands through the JSON-RPC interface. By using shell metacharacters, they can bypass filters in the `r2_cmd_str()` function, leading to command execution without needing any authentication.

Who should be concerned about CVE-2026-6942, considering its exposure?

While the Halo Surface Signal indicates this product is typically used internally, the vulnerability has an external classification due to its network-accessible interface. This means any system running radare2-mcp that is exposed to the internet or accessible from untrusted networks should be concerned.

What is the first step to address CVE-2026-6942 if I am running radare2-mcp?

The primary response is to update radare2-mcp to a version that addresses CVE-2026-6942. If an immediate patch isn't possible, isolating the affected service from the network is a crucial temporary measure.
