CVE-2026-4174 identifies a resource consumption vulnerability in Radare2 version 5.9.9, specifically within the Mach-O file parser's walk_exports_trie function located in libr/bin/format/mach0/mach0.c. This function processes Mach-O binary export information, and improper handling of crafted input can cause excessive resource usage, such as CPU or memory exhaustion. The vulnerability requires local attacker access with low privileges and does not require user interaction or elevated permissions. The flaw does not affect confidentiality, integrity, or availability directly but can degrade system performance or cause denial-of-service conditions by exhausting resources. The vulnerability was publicly disclosed on March 15, 2026, with no known active exploits in the wild. The Radare2 maintainer has downplayed the severity, stating it is not a true DoS. However, the issue is addressed by upgrading to Radare2 version 6.1.2, which includes a patch identified by commit 4371ae84c99c46b48cb21badbbef06b30757aba0. This patch corrects the resource handling in the vulnerable function, preventing exploitation. The vulnerability has a CVSS v4.0 base score of 4.8, reflecting medium severity due to local attack vector, low complexity, and limited impact scope.

The primary impact of CVE-2026-4174 is resource exhaustion on systems running Radare2 version 5.9.9, potentially leading to degraded performance or denial-of-service conditions. Since exploitation requires local access with low privileges, remote attackers cannot leverage this vulnerability directly. However, in environments where Radare2 is used for binary analysis or reverse engineering, an unprivileged local user could intentionally or accidentally trigger resource consumption, impacting system stability or availability of analysis tools. This could disrupt development, security research, or incident response activities relying on Radare2. The vulnerability does not compromise confidentiality or integrity of data. Organizations with multi-user systems or shared environments where Radare2 is installed are at higher risk. Although no known exploits are active, the public disclosure increases the likelihood of future exploitation attempts, especially in targeted local attack scenarios.

To mitigate CVE-2026-4174, organizations should upgrade Radare2 to version 6.1.2 or later, which contains the official patch addressing the resource consumption issue. If immediate upgrade is not feasible, restrict local access to systems running vulnerable Radare2 versions to trusted users only. Implement strict user privilege management and monitoring to detect unusual resource usage patterns that may indicate exploitation attempts. Consider running Radare2 in isolated or sandboxed environments to limit potential impact. Additionally, security teams should review local user activity logs for signs of suspicious behavior involving Radare2. Incorporating resource usage limits or cgroups on Linux systems may help contain excessive resource consumption. Regularly update and audit software dependencies to prevent exploitation of known vulnerabilities.