CVE Catalog

CVE-2026-52757

MediumCVSS 4.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile — higher than 2% of all known CVEs

Summary

Ghidra before version 12.1 contains a heap-use-after-free vulnerability in the HighVariable::merge() function during the variable merging pass. Attackers can exploit this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized access to memory, potentially resulting in the disclosure of sensitive data or application instability. Organizations should be aware of the risks associated with opening potentially malicious files in Ghidra.

Recommendation

It is recommended to update Ghidra to version 12.1 or later to mitigate this vulnerability. Additionally, avoid opening unknown or suspicious binary files in the decompiler.

Original NVD description (English source)

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced, reading and writing the flags field of freed heap memory when a user opens the binary in Ghidra's decompiler view.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS