CVE-2026-26201 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2026-26201

CVE-2026-26201

February 19, 2026

emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger "fatal error: concurrent map read and map write", causing C2 process crash (availability loss). Version 3.21.2 fixes this issue.

Affected Packages

https://github.com/jm33-m0/emp3r0r.git (GITHUB):

Affected version(s) =v3.21.1 <v3.21.2

Fix Suggestion:

Update to version v3.21.2

github.com/jm33-m0/emp3r0r/core (GO):

Affected version(s) >=v0.0.0-20201218095716-f8e4b2776a79 <v0.0.0-20260212232424-ea4d074f081d

Fix Suggestion:

Update to version v0.0.0-20260212232424-ea4d074f081d

Related Resources (5)

https://github.com/jm33-m0/emp3r0r/releases/tag/v3.21.2

https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-f5p9-j34q-pwcc

https://nvd.nist.gov/vuln/detail/CVE-2026-26201

https://github.com/jm33-m0/emp3r0r

https://github.com/jm33-m0/emp3r0r/commit/ea4d074f081dac6293f3aec38f01def5f08d5af5

Do you need more information?

CVSS v4

Base Score:

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

PRESENT

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

HIGH

CVSS v3

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Use of a Non-reentrant Function in a Concurrent Context

CWE-663

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

EPSS

Base Score:

0.04

Products

Solutions

Resources

Company

Compare

Developer Tools