CVE-2026-49496EPSS p2.4%

CVE-2026-49496CVE-2026-49496

nsa / ghidra

Description

Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public Sleigh::oneInstruction C++ API, affecting downstream SLEIGH library consumers.

Scoring

CVSS 6.1 ()
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
EPSS0.12% probability of exploitation · percentile 2.4% · 2026-06-18T12:00:27Z
Last modified2026-06-11

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2024-58350
CVE
CVE-2026-52757
CVE
CVE-2026-49497
CVE
CVE-2026-49495
CVE
CVE-2026-52753
CVE
CVE-2026-52759
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.