VYPR
High severity · 8.8 · NVD Advisory · Published Jun 10, 2026

CVE-2026-52751

Description

Ghidra versions prior to 12.1 are vulnerable to unauthenticated RCE via unsafe deserialization in Shared-Project RMI connections, triggered by opening a malicious project file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Ghidra versions prior to 12.1 contain an unsafe deserialization vulnerability in the client-side Shared-Project RMI connection code. It allows unauthenticated remote code execution when a user opens a crafted Ghidra project file containing a ghidra:// URL. The client deserializes untrusted objects while performing its initial RMI call, reg.list(), which happens before any authentication is exchanged; a Jython 2.7.4 gadget chain turns that deserialization into code execution [1, 3]. The affected code paths have been present since Ghidra version 9.1 [1].

Exploitation

An attacker can exploit this vulnerability by providing a malicious Ghidra project file to a victim. The victim only needs to open this project file using File → Open Project. The project file can contain an <OPEN_REPOSITORY_VIEW URL="…"/> element, which Ghidra's DefaultProject.restore() function will silently process, initiating a ghidra:// connection. This connection leads to the deserialization of untrusted objects via ObjectInputStream.readObject() on the client, as no ObjectInputFilter is applied to this client-side deserialization [1].
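A pre-open check for the element described above, as an added example that is not part of the advisory or of Ghidra: it lists every OPEN_REPOSITORY_VIEW URL in an XML file so an untrusted project can be reviewed before File → Open Project. The class name, the sample wrapper element and the host are constructed; the advisory does not say which file inside a project holds the element, so the tool scans whatever XML files it is given.

```java
import java.io.FileInputStream;
import java.io.StringReader;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class RepositoryViewTriage {
    // Collect the URL attribute of every OPEN_REPOSITORY_VIEW element in the input.
    static List<String> repositoryViewUrls(InputSource xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The input is untrusted: refuse DOCTYPE so the scan itself is not exposed to XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList nodes = f.newDocumentBuilder().parse(xml)
                          .getElementsByTagName("OPEN_REPOSITORY_VIEW");
        List<String> urls = new ArrayList<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            urls.add(((Element) nodes.item(i)).getAttribute("URL"));
        }
        return urls;
    }

    static String hostOf(String url) {
        try {
            String host = URI.create(url).getHost();
            return host == null ? "(no host parsed)" : host;
        } catch (IllegalArgumentException e) {
            return "(malformed URL)";
        }
    }

    static int report(String label, InputSource xml) throws Exception {
        List<String> urls = repositoryViewUrls(xml);
        for (String url : urls) {
            System.out.printf("%s: connects on open to %s (host %s)%n", label, url, hostOf(url));
        }
        return urls.size();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, used when no file is given; PROJECT is a placeholder wrapper.
        String sample = "<PROJECT><OPEN_REPOSITORY_VIEW URL=\"ghidra://host.example/repo\"/></PROJECT>";
        int hits = 0;
        if (args.length == 0) hits += report("sample", new InputSource(new StringReader(sample)));
        for (String p : args) hits += report(p, new InputSource(new FileInputStream(p)));
        System.exit(hits == 0 ? 0 : 1); // non-zero lets a wrapper script hold the project back
    }
}
```

A non-zero exit means at least one repository view would be contacted when the project is opened; on a release prior to 12.1 that connection is where the unfiltered deserialization happens.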

Impact

Successful exploitation allows an unauthenticated remote attacker to achieve arbitrary code execution on the victim's workstation. The attacker leverages a Jython 2.7.4 gadget chain to reach Runtime.getRuntime().exec(...), enabling the execution of arbitrary commands with the privileges of the Ghidra application user [1, 3].

Mitigation

Ghidra version 12.1 and later contain a fix for this vulnerability [3]. The vulnerability was addressed in commit 91a2691 [2]. No workarounds are specified in the available references. Ghidra is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on Jun 10, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

91a269103fe5

GP-0: Fixing javadoc

https://github.com/nationalsecurityagency/ghidra · Ryan Kurtz · Apr 6, 2026 · via nvd-ref
2 files changed · +3 3
  • Ghidra/Debug/ProposedUtils/src/main/java/ghidra/util/database/DBCachedObjectStoreFactory.java+1 1 modified
    @@ -169,7 +169,7 @@ public AddressRange toRange(AddressFactory factory) {
     	 * 	MyContext getContext();
     	 * }
     	 * 
    -	 * public static class MyDBFieldCodec&lt;OT extends DBAnnotatedObject & ContextProvider&gt; extends
    +	 * public static class MyDBFieldCodec&lt;OT extends DBAnnotatedObject &amp; ContextProvider&gt; extends
     	 * 		AbstractDBFieldCodec&lt;MyType, OT, BinaryField&gt; {
     	 * 
     	 * 	public MyDBFieldCodec(Class&lt;OT&gt; objectType, Field field, int column) {
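Review bot: the `&amp;` correction on the `MyDBFieldCodec` line repairs one entity in a sample that is escaped by hand throughout (`&lt;OT`, `ContextProvider&gt;`, `&lt;MyType, OT, BinaryField&gt;`), so a later edit can easily reintroduce a bare `&` or `<`. Consider wrapping the sample in `{@code ...}` so generics and `&` need no escaping. Both changed lines begin with ` * ` inside a Javadoc comment, so this hunk changes no executable code and does not by itself alter any deserialization behaviour.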
    
  • Ghidra/Features/Base/src/main/java/ghidra/app/merge/structures/StructureMergeDialog.java+2 2 modified
    @@ -43,8 +43,8 @@
      * <P>
      * The dialog also provides the following actions as keyboard only actions:
      * <OL>
    - * 	<LI>Apply Item (&LTSPACE&GT): pressing the space bar key will apply the currently focussed and
    - *  selected item from either the left side or right sided. (Assuming it is appliable).</LI>
    + * 	<LI>Apply Item (&LT;SPACE&GT;): pressing the space bar key will apply the currently focussed and
    + *  selected item from either the left side or right sided. (Assuming it is applicable).</LI>
      *  <LI>Focus Left Side (&LT;LEFT ARROW&GT;): pressing the left arrow will give focus to the left side
      *  display.</LI>
      *  <LI>Focus Right Side (&LT;RIGHT ARROW&GT;): pressing the right arrow will give focus to the right side
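Review bot: the two `+` lines still carry "focussed" and "right sided" while the same edit corrects "appliable"; fix them in the same pass ("focused", "right side"). The entities here are upper-case (`&LT;SPACE&GT;`) whereas the Javadoc in DBCachedObjectStoreFactory.java uses `&lt;` and `&gt;`; lower-case would be consistent across the commit. Only comment text inside the `<OL>` list changes, so this hunk has no effect on runtime behaviour.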
    

Vulnerability mechanics

Root cause

"Client-side RMI deserialization in Ghidra does not use an ObjectInputFilter, allowing untrusted data to be deserialized."

Attack vector

An attacker can craft a malicious Ghidra project file containing a ghidra:// URL. When a victim opens this project file via File → Open Project, the Ghidra client initiates an RMI connection to a server. During this connection, the client deserializes untrusted objects returned by the server using a gadget chain within the bundled Jython 2.7.4 library, leading to unauthenticated remote code execution [1]. The initial RMI call, reg.list(), is sufficient to trigger the vulnerability before any authentication occurs [1].

Affected code

The vulnerability resides in Ghidra's client-side Shared-Project connection code, specifically within the `ServerConnectTask.java` file, where RMI calls are made without an active filter. The deserialization occurs via `ObjectInputStream.readObject()`, which is vulnerable when processing responses from RMI calls like `reg.list()` and `reg.lookup()` [1]. The exploit utilizes a gadget chain found in the bundled `jython-standalone-2.7.4.jar`.

What the fix does

The patch addresses the vulnerability by implementing client-side RMI deserialization filtering. A new ObjectInputFilter is installed on the client, mirroring the server-side allow-list, to restrict deserialized objects. This prevents the deserialization of malicious Jython gadgets, thereby closing the remote code execution sink. The fix ensures that only trusted objects can be deserialized during RMI interactions [patch_id=5478759].
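How an allow-list ObjectInputFilter stops an unexpected class before any of its code runs, shown on a plain ObjectInputStream as an added example; this is not Ghidra's code, and it does not reproduce Ghidra's RMI wiring or its actual allow-list. RepoName, Unexpected and the ALLOWED set are constructed for the demonstration, and Java 9 or later is assumed.

```java
import java.io.*;
import java.util.Set;

public class ClientFilterDemo {
    // Constructed types: one the client expects in a reply, one it should never receive.
    static class RepoName implements Serializable {
        final String name;
        RepoName(String name) { this.name = name; }
    }
    static class Unexpected implements Serializable {
        static boolean sideEffectRan = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            sideEffectRan = true; // stands in for code a gadget class would run
        }
    }

    // Hypothetical allow-list for this demo; it is not Ghidra's list.
    static final Set<Class<?>> ALLOWED = Set.of(String.class, RepoName.class);
    static ObjectInputFilter.Status allowList(ObjectInputFilter.FilterInfo info) {
        if (info.depth() > 8 || info.references() > 1000) return ObjectInputFilter.Status.REJECTED;
        Class<?> c = info.serialClass();
        if (c == null) return ObjectInputFilter.Status.UNDECIDED; // limits-only callback
        while (c.isArray()) c = c.getComponentType();
        return (c.isPrimitive() || ALLOWED.contains(c))
            ? ObjectInputFilter.Status.ALLOWED : ObjectInputFilter.Status.REJECTED;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(ClientFilterDemo::allowList); // must precede the first read
            return in.readObject();
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println(((RepoName) readFiltered(serialize(new RepoName("demo")))).name);
        try {
            readFiltered(serialize(new Unexpected()));
        } catch (InvalidClassException e) {
            System.out.println("rejected; readObject ran: " + Unexpected.sideEffectRan);
        }
    }
}
```

The filter is consulted while the class descriptor is being read, so the rejected class is never instantiated and its readObject never executes.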

Preconditions

  • input: The victim must open a malicious Ghidra project file.
  • config: The Ghidra installation must have the ghidra:// URL handler and the Shared Project feature enabled.

Generated on Jun 10, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3
