PT-2026-48409 · Postgresql Global Development Group · Postgresql

Sean Nejad · Published 2026-06-10 · Updated 2026-06-10

CVE-2026-49498

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Ghidra versions 11.0 through 12.0
Description: A SQL injection issue exists in the changePassword() function of the PostgresFunctionDatabase. The system fails to escape double quotes in usernames that are interpolated into ALTER ROLE statements. Authenticated attackers can exploit this by sending crafted username parameters within PasswordChange network messages to execute arbitrary SQL commands, allowing them to escalate privileges to PostgreSQL superuser and obtain full control of the database.
Recommendations: Update to version 12.1. As a temporary workaround, restrict access to the changePassword() function within the PostgresFunctionDatabase to minimize the risk of exploitation.
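The defect the description names is a missing identifier-quoting step. The following is an added illustration, not Ghidra's code and not the fix shipped in 12.1: it places the unsafe interpolation pattern beside a hardened builder that escapes the username as a PostgreSQL identifier (double quotes, with an embedded double quote doubled) and the password as a string literal (single quotes, with an embedded single quote doubled), plus an allow-list check and a read-back helper so the round trip can be verified. All function names are hypothetical, and the literal quoting assumes the server default standard_conforming_strings=on, under which backslashes need no special handling.

```python
# Added example (not Ghidra's code): identifier and literal quoting for an
# ALTER ROLE statement built from user-supplied values.
import re

# Assumption: the application accepts only this conservative role-name shape
# as defense in depth. PostgreSQL itself allows far more in a quoted identifier.
_ROLE_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,62}$")


def quote_ident(name: str) -> str:
    """Quote a PostgreSQL identifier: wrap in double quotes, double embedded ones."""
    if "\0" in name:
        raise ValueError("identifier must not contain NUL")
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    """Quote a PostgreSQL string literal: wrap in single quotes, double embedded ones."""
    if "\0" in value:
        raise ValueError("literal must not contain NUL")
    return "'" + value.replace("'", "''") + "'"


def build_alter_role_unsafe(username: str, password: str) -> str:
    """The vulnerable pattern: the username is dropped between quotes unescaped,
    so a double quote inside it ends the identifier early and the remainder
    becomes part of the statement."""
    return f'ALTER ROLE "{username}" WITH PASSWORD {quote_literal(password)}'


def build_alter_role_safe(username: str, password: str) -> str:
    """Hardened builder: each value is escaped for the context it lands in."""
    return f"ALTER ROLE {quote_ident(username)} WITH PASSWORD {quote_literal(password)}"


def is_safe_role_name(username: str) -> bool:
    """Allow-list check to run before any statement is built at all."""
    return bool(_ROLE_NAME_RE.match(username))


def parse_quoted_ident(statement: str) -> str:
    """Read back the leading quoted identifier, honouring the doubled-quote
    escape, so a caller can confirm the role name survived intact."""
    m = re.match(r'^ALTER ROLE "((?:[^"]|"")*)"', statement)
    if m is None:
        raise ValueError("no quoted identifier at the expected position")
    return m.group(1).replace('""', '"')


if __name__ == "__main__":
    # Constructed sample input: an ordinary-looking name with an embedded quote.
    user = 'o"brien'
    print(build_alter_role_unsafe(user, "pw"))   # identifier ends at the first quote
    print(build_alter_role_safe(user, "pw"))     # identifier survives as one token
    print(parse_quoted_ident(build_alter_role_safe(user, "pw")))  # o"brien
    print(is_safe_role_name(user))               # False: rejected by the allow-list
```

ALTER ROLE is a utility statement, so PostgreSQL does not accept bind parameters for it; the identifier has to be escaped by the application, and a driver's own helper for that (psycopg's sql.Identifier, for instance) is preferable to a hand-written one wherever it is available. The allow-list check is the cheaper first line: a role name that fails it never reaches the statement builder, which is the effect the workaround above aims for by restricting who can reach changePassword() at all.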

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2026-49498

Affected Products: Ghidra, Postgresql