CVE-2026-49496
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
Ghidra before version 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd, caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public Sleigh::oneInstruction C++ API.
Risk Assessment
This vulnerability may lead to memory corruption, creating a risk of executing malicious code by attackers. It can affect users of the SLEIGH library who utilize Ghidra.
Recommendation
It is recommended to update Ghidra to version 12.1 or later to mitigate this vulnerability. Additionally, monitor and analyze the use of the Sleigh::oneInstruction interface in the context of security.
Original NVD description (English source)
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public Sleigh::oneInstruction C++ API, affecting downstream SLEIGH library consumers.

