CVE-2026-49498— Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username
Affected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nationalsecurityagency | ghidra | 11.0< 12.1 | affected |
12.1 | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-49498
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages to escalate to PostgreSQL superuser privileges and gain full database control.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
NSA Ghidra SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NSA Ghidra是美国国家安全局(National Security Agency)的一款开源逆向工程工具。 NSA Ghidra 12.1之前版本存在SQL注入漏洞,该漏洞源于PostgresFunctionDatabase的changePassword()方法未转义用户名中的双引号,导致SQL注入,经过身份验证的攻击者可通过PasswordChange网络消息中的特制用户名参数注入SQL命令,提升至PostgreSQL超级用户权限并获得完全数据库控制权。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| nationalsecurityagency | ghidra | 11.0 ~ 12.1 | - |
II. Public POCs for CVE-2026-49498
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-49498
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-49498 (1)
News Coverage for CVE-2026-49498 (1)
Same Patch Batch · nationalsecurityagency · 2026-06-10 · 14 CVEs total
| CVE-2026-52751 | 8.8 HIGH | Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project |
| CVE-2026-52758 | 8.8 HIGH | Ghidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search |
| CVE-2026-52754 | 8.8 HIGH | Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule |
| CVE-2026-52755 | 7.8 HIGH | Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import |
| CVE-2026-52750 | 7.8 HIGH | Ghidra < 12.1- Command Injection via URL Annotation Click |
| CVE-2026-52752 | 7.8 HIGH | Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names |
| CVE-2026-49496 | 6.1 MEDIUM | Ghidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallo |
| CVE-2026-52753 | 5.5 MEDIUM | Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol |
| CVE-2026-49495 | 5.5 MEDIUM | Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser |
| CVE-2026-52756 | 4.8 MEDIUM | Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server |
| CVE-2026-52757 | 4.4 MEDIUM | Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation |
| CVE-2026-49497 | 3.3 LOW | Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution |
| CVE-2024-58350 | 2.9 LOW | Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order |
IV. Related Vulnerabilities
Same product: ghidra
- CVE-2026-52759
Ghidra < 12.1.1 - Denial of Service via Uncontrolled Memory - CVE-2026-52758
Ghidra < 12.1 - SQL Injection via Unescaped Filter Values in - CVE-2026-52757
Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() - CVE-2026-52756
Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger I - CVE-2026-52755
Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Impor
Same vendor: nationalsecurityagency
- CVE-2026-52758
Ghidra < 12.1 - SQL Injection via Unescaped Filter Values in - CVE-2026-52757
Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() - CVE-2026-52756
Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger I - CVE-2026-52755
Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Impor - CVE-2026-52754
Ghidra < 12.1 - Authentication Bypass via Null Signature in
Same weakness: CWE-89
- CVE-2026-57667
WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerabi - CVE-2026-57663
WordPress Recipe Maker For Your Food Blog from Zip Recipes p - CVE-2026-57662
WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection v - CVE-2026-57653
WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vuln - CVE-2026-57644
WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQ
V. Comments for CVE-2026-49498
No comments yet