CVE-2026-49497
LowCVSS 3.3Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.
Risk Assessment
This vulnerability may lead to the disclosure of sensitive filesystem information and data leakage, posing a serious threat to organizational security.
Recommendation
It is recommended to update Ghidra to version 12.1 or later to mitigate this vulnerability and conduct a security audit to identify potential threats.
Original NVD description (English source)
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.

