CVE-2026-49498 | NationalSecurityAgency Ghidra up to 12.0 Username changePassword sql injection

A vulnerability described as critical has been identified in NationalSecurityAgency Ghidra up to 12.0. Impacted is the function changePassword of the component Username Handler. Executing a manipulation can lead to sql injection.

The identification of this vulnerability is CVE-2026-49498. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More