CVE-2026-4174 identifies a resource consumption vulnerability in Radare2 version 5.9.9, specifically within the Mach-O file parser's walk_exports_trie function located in libr/bin/format/mach0/mach0.c. The issue arises when processing crafted Mach-O binaries, which can cause excessive resource usage, potentially leading to denial of service conditions such as application hang or crash due to exhaustion of CPU or memory resources. The attack vector is local, requiring an attacker to have local system access and low privileges, with no user interaction needed. The vulnerability was publicly disclosed on March 15, 2026, and a patch was released in version 6.1.2, identified by commit 4371ae84c99c46b48cb21badbbef06b30757aba0. Despite the disclosure, the Radare2 maintainer disputes the severity, stating it should not be classified as a DoS. The CVSS 4.0 base score is 4.8 (medium), reflecting limited impact and exploitability. No known exploits have been observed in the wild. The vulnerability primarily affects users of Radare2 who analyze Mach-O binaries, commonly used in macOS environments. The flaw does not impact confidentiality, integrity, or availability beyond resource consumption and potential denial of service.

The primary impact of CVE-2026-4174 is potential denial of service through resource exhaustion when processing malicious Mach-O files using Radare2 5.9.9. This could disrupt workflows for security researchers, reverse engineers, and developers relying on Radare2 for binary analysis, particularly on macOS platforms. While the attack requires local access, an attacker with such access could cause application unavailability or degraded performance, impacting productivity and incident response capabilities. The vulnerability does not lead to privilege escalation, data leakage, or code execution, limiting its broader impact. However, in environments where Radare2 is integrated into automated analysis pipelines or used in multi-user systems, resource consumption attacks could cause cascading disruptions. Given the niche user base and local attack vector, the global impact is moderate but significant for affected organizations.

To mitigate CVE-2026-4174, organizations should upgrade Radare2 to version 6.1.2 or later, which contains the patch addressing the resource consumption issue. Until upgrading is possible, restrict local access to systems running vulnerable Radare2 versions to trusted users only, minimizing the risk of exploitation. Implement resource usage monitoring and limits (e.g., CPU and memory quotas) on processes running Radare2 to detect and contain abnormal resource consumption. Avoid processing untrusted or suspicious Mach-O binaries with vulnerable Radare2 versions. Additionally, consider sandboxing Radare2 executions to limit potential impact. Regularly review and apply updates from Radare2 maintainers and monitor security advisories for related vulnerabilities. Finally, educate users about the risks of running untrusted binaries in analysis tools to reduce exposure.