CVE-2026-49495EPSS p1.6%

CVE-2026-49495CVE-2026-49495

nsa / ghidra

Description

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential string concatenation, triggering OutOfMemoryError that crashes the entire JVM and loses all unsaved work.

Scoring

CVSS 5.5 ()
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS0.11% probability of exploitation · percentile 1.6% · 2026-06-19T12:03:05Z
Last modified2026-06-11

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-52759
CVE
CVE-2026-49496
CVE
CVE-2026-52753
CVE
CVE-2026-49497
CVE
CVE-2026-52757
CVE
CVE-2024-58350
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.