CVE-2026-49496: Ghidra Heap-Use-After-Free in Sleigh Decompiler—Patch v12.1
Ghidra, the NSA's open-source reverse engineering framework, contains a memory safety bug in its Sleigh decompilation engine that can corrupt heap memory. When processing malicious binaries, the vulnerability allows an attacker to trigger a use-after-free condition—where the software attempts to access memory that has already been freed. The flaw affects version 12.0 and earlier; upgrading to version 12.1 or later resolves the issue. While exploitation requires user interaction (opening a malicious binary), the memory corruption could lead to application crashes or, in carefully crafted scenarios, potential code execution.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.1 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
- Weaknesses (CWE)
- CWE-416
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-10 / 2026-07-14
NVD description (verbatim)
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public Sleigh::oneInstruction C++ API, affecting downstream SLEIGH library consumers.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-49496 is a heap-use-after-free vulnerability (CWE-416) in the SleighBuilder::generatePointerAdd function within Ghidra's Sleigh decompilation library. The root cause is iterator invalidation: when PcodeCacher::allocateInstruction reallocates the internal 'issued' vector during instruction caching, existing iterators pointing into that vector become invalid. Subsequent pointer arithmetic operations in SleighBuilder then dereference stale pointers, corrupting heap metadata or live objects. The vulnerability is exposed through the public Sleigh::oneInstruction C++ API, making any downstream application or library that consumes the SLEIGH library potentially affected. Exploitation does not require elevated privileges and occurs purely through decompilation of a crafted binary.
Business impact
Organizations using Ghidra or embedding the SLEIGH library in security analysis pipelines face denial-of-service risk: a malicious binary could crash the analysis tool, disrupting incident response, malware triage, or software analysis workflows. The memory corruption aspect introduces uncertainty about tool reliability—analysts may question whether results from a Ghidra session on a suspicious file are trustworthy. For teams running Ghidra in automated reverse-engineering or threat intelligence environments, this becomes a stability concern. The attack surface is limited to users who explicitly open untrusted binaries, so risk is proportional to your organization's handling of third-party or suspected-malicious executables.
Affected systems
Ghidra versions prior to 12.1 are affected. This includes all 12.0.x releases and earlier versions. The vulnerability specifically impacts the public Sleigh::oneInstruction C++ API, so affected parties include: (1) direct Ghidra users decompiling binaries via the GUI or command-line tools, and (2) downstream developers who have integrated the SLEIGH library as a dependency in custom reverse-engineering, binary analysis, or threat intelligence tools. Any tool statically or dynamically linking against vulnerable Ghidra/SLEIGH libraries is in scope.
Exploitability
Exploitability is practical but not trivial. An attacker must craft a malicious ELF, PE, or other binary format that, when parsed and decompiled by Ghidra, triggers the specific reallocation pattern in PcodeCacher that invalidates the iterator. This requires knowledge of Sleigh's internal caching behavior and the ability to engineer a binary that stresses the instruction cache in the right way. The attack requires user interaction—someone must open the malicious binary in Ghidra—making it suitable for targeted attacks against security researchers, analysts, or automated analysis pipelines that ingest untrusted files. It is not a network-exploitable vector and does not grant remote code execution by itself, though heap corruption could theoretically be leveraged for further exploitation in a chain.
Remediation
Upgrade Ghidra to version 12.1 or later. NSA has released fixes addressing the iterator invalidation in PcodeCacher and ensuring that SleighBuilder does not use invalidated iterators. Users unable to upgrade immediately should avoid decompiling untrusted or suspicious binaries until patching is complete, or run Ghidra in an isolated sandbox environment. For organizations embedding SLEIGH in custom tools, verify that your dependency management pulls in the patched version and rebuild/redeploy those applications.
Patch guidance
Visit the official NSA Ghidra release page (https://github.com/NationalSecurityAgency/ghidra/releases) and download Ghidra 12.1 or later. The patch is available as a binary release and source archive. For package manager distributions (Linux), check your distro's package repositories for Ghidra 12.1+. If you maintain a custom build or have integrated SLEIGH as a library, update your source dependency to the 12.1 tag or later commit. Apply the patch during your next maintenance window; the severity (CVSS 6.1 MEDIUM) does not require emergency out-of-band patching but should be prioritized within 30 days.
Detection guidance
On systems running Ghidra, verify the installed version (Help > About in the GUI, or `ghidra --version` on CLI) and confirm it is 12.1 or later. For custom tools embedding SLEIGH, check dependency manifests (pom.xml, CMakeLists.txt, build.gradle, etc.) and confirm the Ghidra/SLEIGH version specified is 12.1+. Monitor Ghidra process crashes or unusual memory behavior when decompiling files from untrusted sources; a crash with a heap corruption signature (e.g., malloc/free errors) could indicate exploitation attempts. Enable core dumps and examine heap allocator diagnostics if available.
Why prioritize this
This vulnerability should be patched within 30 days. The CVSS 6.1 MEDIUM rating reflects moderate risk: local attack surface, user interaction required, and no confidentiality impact. However, the memory corruption nature introduces tool reliability uncertainty, and the public API exposure means downstream libraries are also affected. Prioritize patching if your organization runs Ghidra against untrusted binaries regularly (threat research, malware analysis, third-party software vetting). If Ghidra is used only on internally-developed or trusted code, risk is lower, but patching remains prudent for long-term stability.
Risk score, explained
CVSS 3.1 score of 6.1 (MEDIUM) reflects: Attack Vector Local (malicious binary must be opened locally), Attack Complexity Low (once a suitable binary is crafted, the trigger is straightforward), Privileges Required None (no special privileges needed to run Ghidra), User Interaction Required (user must open the binary), Scope Unchanged (impact is limited to Ghidra process), Confidentiality None (no data disclosure), Integrity Low (heap corruption, potential for minor data corruption), Availability High (process crash is likely). The 'High' availability impact drives the score above 5.0; the requirement for local user interaction and lack of escalation to confidentiality loss prevents a higher score.
Frequently asked questions
Can this vulnerability be exploited remotely over the network?
No. The vulnerability requires local access to a malicious binary file and user interaction to open it in Ghidra. It cannot be exploited remotely over a network connection.
Does this affect Ghidra users who only decompile code they trust?
Minimal risk. If your organization decompiles only internally-developed code or thoroughly vetted third-party software, the attack surface is low. The risk increases significantly if you regularly analyze untrusted binaries (e.g., malware samples, third-party executables).
If we use Ghidra in an air-gapped or sandbox environment, are we protected?
Running Ghidra in isolation reduces blast radius but does not prevent the crash or memory corruption itself. Sandboxing is a reasonable temporary mitigation while awaiting patch deployment, but upgrading to 12.1+ is still necessary for long-term stability.
Does this vulnerability affect the Ghidra server or collaborative analysis features?
The vulnerability is in the core Sleigh decompilation engine, which is used by both the desktop GUI and server backend. If you run Ghidra Server and allow users to decompile untrusted binaries through it, the same risk applies. Patch Ghidra Server to 12.1+ as well.
This analysis is provided for informational and risk assessment purposes. SEC.co does not guarantee the accuracy or completeness of this information and makes no warranties regarding its use. Organizations should verify patch availability and compatibility in their specific environments before deployment. Consult the NSA Ghidra project page and your software vendor's official advisories for the most current guidance. This vulnerability description does not constitute a recommendation to patch immediately in all circumstances; prioritize based on your organization's use of Ghidra and exposure to untrusted binaries. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-52757MEDIUMGhidra Heap-Use-After-Free in Decompiler
- CVE-2025-60486MEDIUMHeap Use-After-Free in GPAC MP4Box MPEG-2 Dasher – DoS Vulnerability
- CVE-2026-10232MEDIUMAssimp Use-After-Free in ASE Parser (CVSS 5.3)
- CVE-2026-10703MEDIUMUse-After-Free in EIPStackGroup OpENer Remote Code Execution Risk
- CVE-2026-11073MEDIUMChrome WebGL Use-After-Free Information Disclosure
- CVE-2026-11208MEDIUMUse-After-Free in Chrome Codecs – Information Disclosure Vulnerability
- CVE-2026-11249MEDIUMChrome Use-After-Free Information Disclosure Vulnerability
- CVE-2026-11623MEDIUMUse-After-Free in tmux 3.6a Image Handling – MEDIUM Severity