cvedb.io
CVE-2026-49497
LOW · CVSS 3.3
EPSS exploitation probability: 0%
Published 2026-06-10T14:16:34.643 · Last modified 2026-06-17T10:55:42.797

Summary

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider, which fails to validate filenames read from an ELF binary's .gnu_debuglink section before constructing file paths. An attacker can craft a malicious ELF binary whose debug link contains traversal sequences in order to probe whether files exist on the filesystem and to leak CRC32 hashes of arbitrary files during automatic DWARF analysis.
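The missing check, sketched as an added example (not Ghidra's code and not its fix): parse a raw .gnu_debuglink payload using the layout GDB documents (NUL-terminated name, zero padding to a 4-byte boundary, CRC32) and accept the name only if it is a plain file name in the binary's directory. All function names and sample values here are hypothetical or constructed.

```python
import os
import struct
import tempfile

class DebugLinkError(ValueError):
    """Raised when a .gnu_debuglink payload is malformed or its name is unsafe."""

def parse_debuglink(payload: bytes, little_endian: bool = True):
    """Split a raw section payload into (filename, crc32)."""
    end = payload.find(b"\x00")
    if end <= 0:
        raise DebugLinkError("missing or empty filename")
    crc_off = (end + 4) & ~3  # skip the NUL, then round up to a 4-byte boundary
    if len(payload) < crc_off + 4:
        raise DebugLinkError("truncated CRC32 field")
    (crc,) = struct.unpack_from("<I" if little_endian else ">I", payload, crc_off)
    return payload[:end].decode("utf-8", "surrogateescape"), crc

def resolve_debug_file(binary_dir: str, name: str) -> str:
    """Return the candidate path only if name stays directly inside binary_dir."""
    if name in (".", "..") or "/" in name or "\\" in name or os.path.isabs(name):
        raise DebugLinkError(f"unsafe debuglink name: {name!r}")
    base = os.path.realpath(binary_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # Also rejects a symlink in binary_dir that points somewhere else.
    if os.path.dirname(candidate) != base:
        raise DebugLinkError(f"debuglink resolves outside {base!r}")
    return candidate

def build_payload(name: bytes, crc: int) -> bytes:
    """Constructed sample data: lay out a payload as the format describes."""
    body = name + b"\x00"
    body += b"\x00" * (-len(body) % 4)
    return body + struct.pack("<I", crc)

if __name__ == "__main__":
    workdir = tempfile.mkdtemp()  # stands in for the directory holding the ELF
    samples = [build_payload(b"app.debug", 0x1234ABCD),     # constructed, benign
               build_payload(b"../../etc/hostname", 0)]     # constructed, traversal
    for raw in samples:
        try:
            name, crc = parse_debuglink(raw)
            print("accept", resolve_debug_file(workdir, name), hex(crc))
        except DebugLinkError as exc:
            print("reject", exc)
```

Validating before any filesystem call matters here: once the path is opened or checksummed, the existence probe and the CRC32 comparison described above have already happened.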

Affected products

nsa — ghidra

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.