PatchSiren

nationalsecurityagency CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH nationalsecurityagency CVE published 2026-06-10

CVE-2026-52758

CVE-2026-52758 is a SQL injection vulnerability in Ghidra before 12.1. The vulnerability exists in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. This allows remote attackers to inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database. The vulnerability has a CVSS score of 8. [truncated]

MEDIUM nationalsecurityagency CVE published 2026-06-10

CVE-2026-52756

CVE-2026-52756 is a MEDIUM-severity vulnerability in Ghidra before 12.2. The vulnerability is caused by the IsfServer accepting TCP connections and passing client-supplied namespace strings directly to filesystem operations without validation. This allows remote attackers to connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.

HIGH nationalsecurityagency CVE published 2026-06-10

CVE-2026-52755

CVE-2026-52755 is a high-severity path traversal vulnerability in Ghidra before 12.0.4. The vulnerability exists in the theme import functionality and allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensitive files like .bashrc or .ssh/authorized_keys. The vulnerabi [truncated]

HIGH nationalsecurityagency CVE published 2026-06-10

CVE-2026-52754

CVE-2026-52754 is a HIGH-severity vulnerability in Ghidra, a software reverse engineering (SRE) framework developed by the National Security Agency (NSA). The vulnerability exists in the `PKIAuthenticationModule.authenticate()` method, which fails to properly validate certificates with null signatures. This allows an attacker with a valid CA-signed certificate to impersonate any other user, potentially le [truncated]

HIGH nationalsecurityagency CVE published 2026-06-10

CVE-2026-52750

CVE-2026-52750 is a command injection vulnerability in Ghidra before 12.1. The vulnerability occurs in URL annotation handling on Windows, where cmd.exe metacharacters are not properly escaped. This allows attackers to execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.

HIGH nationalsecurityagency CVE published 2026-06-10

CVE-2026-49498

CVE-2026-49498 is a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase in Ghidra 11.0 before 12.1. The method fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages to escalate to PostgreSQL superuser privileges and gain [truncated]

MEDIUM nationalsecurityagency CVE published 2026-06-10

CVE-2026-49497

CVE-2026-49497 is a path traversal vulnerability in Ghidra before 12.1. The vulnerability is located in the SameDirDebugInfoProvider and occurs when the software fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. This allows attackers to craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary fi [truncated]

MEDIUM nationalsecurityagency CVE published 2026-06-10

CVE-2026-49496

CVE-2026-49496 is a medium-severity heap-use-after-free vulnerability in Ghidra before version 12.1. The vulnerability is caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. This can be triggered by decompiling malicious binaries through the public Sleigh::oneInstruction C++ API, affecting downstream SLEIGH library consumers. The CVSS score for this vulnera [truncated]

MEDIUM nationalsecurityagency CVE published 2026-06-10

CVE-2026-49495

CVE-2026-49495 is a MEDIUM severity vulnerability in Ghidra 10.2 before 12.1. The vulnerability is caused by uncontrolled resource consumption in ExportTrie.parseTrie(), which lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential string concatenation, triggering OutOfMemoryE [truncated]