CVE-2026-26201 HIGH

CVE-2026-26201: emp3r0r Affected by Concurrent Map Access DoS (panic/crash)

Vendor Jm33-M0
Product emp3r0r
Weakness CWE-362
Published February 19, 2026
Last update February 19, 2026

CVSS base score

7.0/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

What the vulnerability does

01Description

emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger `fatal error: concurrent map read and map write`, causing C2 process crash (availability loss). Version 3.21.2 fixes this issue.

Key dates

02Disclosure timeline

February 19, 2026 CVE published
February 19, 2026 Record updated