PatchSiren cyber security CVE debrief
CVE-2026-52759 Ghidra CVE debrief
CVE-2026-52759 is a MEDIUM severity vulnerability in Ghidra before 12.1.1. The vulnerability is caused by an uncontrolled memory allocation in the Mach-O binary parser, which allows attackers to cause a denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate excessive heap memory without validating file size, crashing the Ghidra JVM.
- Vendor
- Ghidra
- Product
- Unknown
- CVSS
- MEDIUM 6.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-11
Who should care
Users of Ghidra before version 12.1.1 should apply the patch to prevent denial of service attacks.
Technical summary
The vulnerability is caused by an uncontrolled memory allocation in the Mach-O binary parser. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate excessive heap memory without validating file size, crashing the Ghidra JVM.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patch by upgrading to Ghidra version 12.1.1 or later.
- Restrict access to the Ghidra application to trusted users only.
- Monitor the Ghidra application for unusual activity.
Evidence notes
The vulnerability was reported by [redacted] and is tracked by CVE-2026-52759.
Official resources
-
CVE-2026-52759 CVE record
CVE.org
-
CVE-2026-52759 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
CVE-2026-52759 was published on [cvePublishedAt] and modified on [cveModifiedAt].