CVE-2026-49497 · EPSS p3.5%

nsa / ghidra

Description

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.

Scoring

CVSS: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 0.14% probability of exploitation · percentile 3.5% · 2026-06-17T12:03:21Z
Last modified: 2026-06-11

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-49496
CVE-2026-52756
CVE-2026-52752
CVE-2026-52755
CVE-2026-49495
CVE-2026-52753
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.