CVE-2026-52759

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.5 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H                                    

Vulnerability Description

Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate excessive heap memory without validating file size, crashing the Ghidra JVM.

Vulnerability Details

Published Date

June 10, 2026

Last Modified

June 11, 2026

CWE ID

CWE-789

Source

NVD

Vendor

Ghidra

Product

Ghidra

External References

https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-v6c3-h9cp-3whf
https://www.vulncheck.com/advisories/ghidra-denial-of-service-via-uncontrolled-memory-allocation-in-mach-o-parser

CVE-2026-52759

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment