CVE-2026-52757
MediumCVSS 4.4Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
Ghidra before version 12.1 contains a heap-use-after-free vulnerability in the HighVariable::merge() function during the variable merging pass. Attackers can exploit this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced.
Risk Assessment
Exploitation of this vulnerability may lead to unauthorized access to memory, potentially resulting in the disclosure of sensitive data or application instability. Organizations should be aware of the risks associated with opening potentially malicious files in Ghidra.
Recommendation
It is recommended to update Ghidra to version 12.1 or later to mitigate this vulnerability. Additionally, avoid opening unknown or suspicious binary files in the decompiler.
Original NVD description (English source)
Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced, reading and writing the flags field of freed heap memory when a user opens the binary in Ghidra's decompiler view.

