cbcvebase.

Nationalsecurityagency Ghidra vulnerabilities

14 known vulnerabilities affecting nationalsecurityagency/ghidra.

Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH7MEDIUM6LOW1

Vulnerabilities

Page 1 of 1
CVE-2026-52751P2HIGHCVSS 8.8fixed in 12.12026-06-10
CVE-2026-52751 [HIGH] CWE-502 CVE-2026-52751: Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RM Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute
nvd
CVE-2026-52754P2HIGHCVSS 8.8fixed in 12.12026-06-10
CVE-2026-52754 [HIGH] CWE-347 CVE-2026-52754: Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authen Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse eng
nvd
CVE-2026-52758P2HIGHCVSS 8.8≥ 11.0, < 12.12026-06-10
CVE-2026-52758 [HIGH] CWE-89 CVE-2026-52758: Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database.
nvd
CVE-2026-49498P3HIGHCVSS 8.8≥ 11.0, < 12.12026-06-10
CVE-2026-49498 [HIGH] CWE-89 CVE-2026-49498: Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of Pos Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages to escalate to PostgreSQL su
nvd
CVE-2026-52750P3HIGHCVSS 7.8fixed in 12.12026-06-10
CVE-2026-52750 [HIGH] CWE-88 CVE-2026-52750: Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.
nvd
CVE-2026-52756P3MEDIUMCVSS 6.5fixed in 12.22026-06-10
CVE-2026-52756 [MEDIUM] CWE-22 CVE-2026-52756: Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that ac Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem path
nvd
CVE-2026-52755P3HIGHCVSS 7.8fixed in 12.0.42026-06-10
CVE-2026-52755 [HIGH] CWE-22 CVE-2026-52755: Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensitive files like .bashrc or .ssh/authorized_keys.
nvd
CVE-2026-52752P3HIGHCVSS 7.8fixed in 12.0.22026-06-10
CVE-2026-52752 [HIGH] CWE-22 CVE-2026-52752: Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails t Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.
nvd
CVE-2026-49496P4MEDIUMCVSS 6.1fixed in 12.12026-06-10
CVE-2026-49496 [MEDIUM] CWE-416 CVE-2026-49496: Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public Sleigh::oneInstruction C++ API, affecting downstream SLE
nvd
CVE-2026-52753P4MEDIUMCVSS 5.5fixed in 12.0.32026-06-10
CVE-2026-52753 [MEDIUM] CWE-789 CVE-2026-52753: Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allo Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.
nvd
CVE-2026-49495P4MEDIUMCVSS 5.5≥ 10.2, < 12.12026-06-10
CVE-2026-49495 [MEDIUM] CWE-835 CVE-2026-49495: Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.pa Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential string concatenation, triggering OutOfMemoryError that c
nvd
CVE-2026-49497P4LOWCVSS 3.3fixed in 12.12026-06-10
CVE-2026-49497 [LOW] CWE-22 CVE-2026-49497: Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF a
nvd
CVE-2026-52757P4MEDIUMCVSS 4.4fixed in 12.12026-06-10
CVE-2026-52757 [MEDIUM] CWE-416 CVE-2026-52757: Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::me Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced, reading and writing the flags field of freed heap
nvd
CVE-2024-58350P4MEDIUMCVSS 4.0fixed in 11.22026-06-10
CVE-2024-58350 [MEDIUM] CWE-758 CVE-2024-58350: Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration
nvd
Nationalsecurityagency Ghidra vulnerabilities | cvebase