PT-2026-48407 · Ghidra · Ghidra

Stefano Bonicatti · Published 2026-06-10 · Updated 2026-06-10 · CVE-2026-49496

CVSS v3.1: 6.1 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions
Ghidra versions prior to 12.1

Description
A heap-use-after-free issue exists in the SleighBuilder::generatePointerAdd function. This occurs due to iterator invalidation when the PcodeCacher::allocateInstruction function reallocates the issued vector. Attackers can cause memory corruption by decompiling malicious binaries via the public Sleigh::oneInstruction C++ API, which impacts downstream consumers of the SLEIGH library.

Recommendations
Update to version 12.1 or later.
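
The Description attributes the bug to iterator invalidation when a vector reallocates during allocation. The C++ below is an added example, not Ghidra's code: Op, OpCache and every function name are hypothetical stand-ins that model that pattern and show the index-based alternative, which stays valid across reallocation.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Hypothetical stand-in for a cached p-code op; not Ghidra's type.
struct Op { int opcode; int output; };

// Simplified model of a cache that issues ops from a growing vector.
class OpCache {
    std::vector<Op> issued_;
public:
    // push_back may reallocate, invalidating pointers and iterators into issued_.
    std::size_t allocate(int opcode) {
        issued_.push_back(Op{opcode, 0});
        return issued_.size() - 1;
    }
    Op& at(std::size_t i) { return issued_.at(i); }  // bounds-checked lookup
    std::uintptr_t base() const {
        return reinterpret_cast<std::uintptr_t>(issued_.data());
    }
    std::size_t spare() const { return issued_.capacity() - issued_.size(); }
};

// Uses up the spare capacity, then allocates once more: exactly one reallocation.
static void force_reallocation(OpCache& c) {
    for (std::size_t n = c.spare() + 1; n > 0; --n) c.allocate(0);
}

// Unsafe shape: a position captured before allocate() is relied on afterwards.
// Only addresses are compared here; the stale one is never dereferenced.
bool held_address_is_stale() {
    OpCache cache;
    cache.allocate(1);
    std::uintptr_t held = cache.base();  // plays the role of a kept iterator
    force_reallocation(cache);
    return held != cache.base();         // true: the storage has moved
}

// Safe shape: keep the index and resolve it again after every allocation.
int write_via_index() {
    OpCache cache;
    std::size_t idx = cache.allocate(1);
    force_reallocation(cache);
    cache.at(idx).output = 42;           // resolved against the live buffer
    return cache.at(idx).opcode * 100 + cache.at(idx).output;
}

int main() { std::cout << held_address_is_stale() << ' ' << write_via_index() << '\n'; }
```

Building code of the unsafe shape with AddressSanitizer (-fsanitize=address) reports a heap-use-after-free at the first access through the stale iterator, which is a practical way for downstream consumers to check their own call paths.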

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers: CVE-2026-49496

Affected Products: Ghidra