Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages to escalate to PostgreSQL superuser privileges and gain full database control.

AI Analysis

SQL injection vulnerability in Ghidra's changePassword() method

Basic Information

ID CVE-2026-49498

Source VulnCheck

Published Jun 10, 2026 at 12:38

Affected Product

Vendor nationalsecurityagency

Product ghidra

Version 11.0

Affected Versions nationalsecurityagency ghidra 11.0

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor National Security Agency

Product Ghidra

Version 11.0

References

{
    "lastseen": "",
    "description": "Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages to escalate to PostgreSQL superuser privileges and gain full database control.",
    "published": "2026-06-10T12:38:34.069Z",
    "modified": "2026-06-10T12:38:34.069Z",
    "type": "cve",
    "title": "Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username",
    "source": "VulnCheck",
    "references": "https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-vv7r-2rhf-5h7g\nhttps://www.vulncheck.com/advisories/ghidra-sql-injection-in-postgresql-password-change-via-unescaped-username",
    "id": "CVE-2026-49498",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "nationalsecurityagency ghidra 11.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ghidra",
    "version": "11.0",
    "vendor": "nationalsecurityagency",
    "ai_description": "SQL injection vulnerability in Ghidra's changePassword() method",
    "ai_severity": "High",
    "ai_vendor": "National Security Agency",
    "ai_product": "Ghidra",
    "ai_version": "11.0",
    "ai_score": 8.7
}

Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username_CVE-2026-49498