CVE-2026-49496 Overview
CVE-2026-49496 is a heap use-after-free vulnerability [CWE-416] in Ghidra versions before 12.1. The flaw resides in the SleighBuilder::generatePointerAdd function within the SLEIGH decompilation library maintained by the National Security Agency. Iterator invalidation occurs when PcodeCacher::allocateInstruction reallocates the issued vector, leaving the builder operating on freed memory. Attackers trigger the corruption by decompiling a malicious binary through the public Sleigh::oneInstruction C++ API. Downstream consumers of the SLEIGH library inherit the same exposure when processing untrusted inputs.
Critical Impact
Reverse engineers and automated analysis pipelines that decompile attacker-supplied binaries can experience memory corruption, leading to process crashes or potential code execution within the analyst's environment.
Affected Products
- Ghidra versions prior to 12.1
- SLEIGH library (C++ API) shipped with Ghidra
- Third-party tools embedding the SLEIGH decompiler library
Discovery Timeline
- 2026-06-10 - CVE-2026-49496 published to NVD
- 2026-06-10 - Last updated in NVD database
Technical Details for CVE-2026-49496
Vulnerability Analysis
The vulnerability sits in Ghidra's SLEIGH processor specification engine, which translates machine instructions into p-code for decompilation. During instruction lowering, SleighBuilder::generatePointerAdd holds an iterator or pointer into the vector managed by PcodeCacher. When PcodeCacher::allocateInstruction requests additional capacity, the underlying vector reallocates and frees its prior backing storage. The builder continues to dereference the now-invalid iterator, producing a heap use-after-free condition. Because the bug is reached through Sleigh::oneInstruction, any tool that feeds binary data into the SLEIGH library through this public entry point can trigger it. The local attack vector requires the victim to load and decompile an attacker-crafted binary, which is a routine workflow in malware analysis.
Root Cause
The root cause is iterator invalidation following vector reallocation inside PcodeCacher::allocateInstruction. The calling function SleighBuilder::generatePointerAdd does not refresh its reference after the allocation, violating C++ container lifetime rules and producing dangling memory access.
Attack Vector
Exploitation is local and requires user interaction. An analyst must open or decompile a malicious binary inside Ghidra or a tool that links the SLEIGH library. No network access or elevated privileges are required, and the crafted input drives execution into the vulnerable code path.
Verified exploitation code is not publicly available. See the GitHub Security Advisory GHSA-gqh9-2c72-wpjc and the VulnCheck Advisory for further technical context.
Detection Methods for CVE-2026-49496
Indicators of Compromise
- Unexpected crashes of ghidra or processes embedding the SLEIGH library while decompiling untrusted binaries.
- ASan or heap sanitizer reports flagging use-after-free inside SleighBuilder::generatePointerAdd or PcodeCacher::allocateInstruction.
- Suspicious binaries staged in analyst workstations or shared malware repositories prior to a crash event.
Detection Strategies
- Hunt for abnormal termination of Ghidra processes correlated with file open events on recently received samples.
- Run untrusted binaries through Ghidra builds compiled with AddressSanitizer to surface use-after-free conditions before production analysis.
- Inventory internal tooling that links the SLEIGH C++ library and flag versions older than Ghidra 12.1.
Monitoring Recommendations
- Monitor analyst endpoints for child process spawns or memory protection changes originating from Ghidra after decompilation.
- Log file hashes of binaries submitted to reverse engineering workstations to enable retroactive triage.
- Alert on Ghidra crash dumps written to disk and forward them to a central location for review.
How to Mitigate CVE-2026-49496
Immediate Actions Required
- Upgrade all Ghidra installations and SLEIGH library consumers to version 12.1 or later.
- Restrict decompilation of untrusted binaries to isolated, non-privileged analyst virtual machines.
- Audit internal tooling for the Sleigh::oneInstruction API and confirm it is linked against a patched build.
Patch Information
The vulnerability is fixed in Ghidra 12.1. The upstream fix is available in commit 8a3018d, which refreshes the iterator after PcodeCacher::allocateInstruction may reallocate its vector. Refer to GHSA-gqh9-2c72-wpjc for the official vendor advisory.
Workarounds
- Avoid loading binaries from untrusted sources into vulnerable Ghidra versions until the upgrade is applied.
- Run reverse engineering tooling inside disposable sandboxes or containers without access to sensitive data.
- Disable or remove third-party scripts that automate decompilation of unverified inputs through the SLEIGH C++ API.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

