HIGHCVE-2026-26201Published 2026-02-19Modified 2026-02-19CNA GitHub_M

CVE-2026-26201: emp3r0r Affected by Concurrent Map Access DoS (panic/crash)

emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger `fatal error: concurrent map read and map write`, causing C2 process crash (availability loss). Version 3.21.2 fixes this issue.

CVSS v4.0: 7.0
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

jm33-m0 / emp3r0r
< 3.21.2

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

References

https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-f5p9-j34q-pwcc
https://github.com/jm33-m0/emp3r0r/commit/ea4d074f081dac6293f3aec38f01def5f08d5af5
https://github.com/jm33-m0/emp3r0r/releases/tag/v3.21.2

Metrics