CVE-2026-52757

Name of the Vulnerable Software and Affected Versions Ghidra versions prior to 12.1

Description A heap-use-after-free issue exists in the decompiler's HighVariable::merge() function during the variable merging pass. This occurs when a user opens a specially crafted binary in the decompiler view, causing stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced. This allows for reading and writing the flags field of freed heap memory.

Recommendations Update to version 12.1 or later.