CVE Catalog

CVE-2026-49497

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

4th percentile — higher than 4% of all known CVEs

Summary

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.

Risk Assessment

This vulnerability may lead to the disclosure of sensitive filesystem information and data leakage, posing a serious threat to organizational security.

Recommendation

It is recommended to update Ghidra to version 12.1 or later to mitigate this vulnerability and conduct a security audit to identify potential threats.

Original NVD description (English source)

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS