CVE-2026-49497
LOWGhidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution
Title source: cnaDescription
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-57g6-7qw2-p5hx)
https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-57g6-7qw2-p5hx
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/ghidra-path-traversal-via-gnu-debuglink-in-dwarf-external-debug-file-resolution
Scores
CVSS v3
3.3
EPSS
0.0014
EPSS Percentile
3.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (3)
nationalsecurityagency/ghidra
< 12.1
nationalsecurityagency/ghidra
12.1
nsa/ghidra
< 12.1
Published
Jun 10, 2026
Tracked Since
Jun 10, 2026