Ghidra

Source repositories

https://github.com/nationalsecurityagency/ghidra

CVEs (16)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-52758	Nationalsecurityagency Ghidra	Hig	0.57	8.8	—	Jun 10, 2026	Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or…
CVE-2026-49498	Nationalsecurityagency Ghidra	Hig	0.57	8.8	—	Jun 10, 2026	Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username…
CVE-2026-52755	Nationalsecurityagency Ghidra	Hig	0.51	7.8	—	Jun 10, 2026	Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code…
CVE-2026-52752	Nationalsecurityagency Ghidra	Hig	0.51	7.8	—	Jun 10, 2026	Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended…
CVE-2026-52750	Nationalsecurityagency Ghidra	Hig	0.51	7.8	—	Jun 10, 2026	Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments…
CVE-2026-52754	Nationalsecurityagency Ghidra	Hig	0.50	8.8	—	Jun 10, 2026	Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate…
CVE-2026-52751	Nationalsecurityagency Ghidra	Hig	0.50	8.8	—	Jun 10, 2026	Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project,…
CVE-2026-52759	Nationalsecurityagency Ghidra	Med	0.36	5.5	—	Jun 10, 2026	Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser…
CVE-2026-52753	Nationalsecurityagency Ghidra	Med	0.36	5.5	—	Jun 10, 2026	Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes…
CVE-2026-49495	Nationalsecurityagency Ghidra	Med	0.36	5.5	—	Jun 10, 2026	Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth…
CVE-2026-49496	Nationalsecurityagency Ghidra	Med	0.33	6.1	—	Jun 10, 2026	Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries…
CVE-2026-52756	Nationalsecurityagency Ghidra	Med	0.31	4.8	—	Jun 10, 2026	Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send…
CVE-2026-52757	Nationalsecurityagency Ghidra	Med	0.22	4.4	—	Jun 10, 2026	Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap…
CVE-2026-49497	Nationalsecurityagency Ghidra	Low	0.21	3.3	—	Jun 10, 2026	Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem…
CVE-2024-58350	Nationalsecurityagency Ghidra	Low	0.19	2.9	—	Jun 10, 2026	Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during…
CVE-2020-6958	YAJSW YAJSW		0.00	—	0.01	Jan 13, 2020	An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

CVE-2026-52758HigJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.57cvss 8.8epss —
Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or…
CVE-2026-49498HigJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.57cvss 8.8epss —
Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username…
CVE-2026-52755HigJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.51cvss 7.8epss —
Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code…
CVE-2026-52752HigJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.51cvss 7.8epss —
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended…
CVE-2026-52750HigJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.51cvss 7.8epss —
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments…
CVE-2026-52754HigJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.50cvss 8.8epss —
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate…
CVE-2026-52751HigJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.50cvss 8.8epss —
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project,…
CVE-2026-52759MedJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.36cvss 5.5epss —
Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser…
CVE-2026-52753MedJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.36cvss 5.5epss —
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes…
CVE-2026-49495MedJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.36cvss 5.5epss —
Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth…
CVE-2026-49496MedJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.33cvss 6.1epss —
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries…
CVE-2026-52756MedJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.31cvss 4.8epss —
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send…
CVE-2026-52757MedJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.22cvss 4.4epss —
Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap…
CVE-2026-49497LowJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.21cvss 3.3epss —
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem…
CVE-2024-58350LowJun 10, 2026
Nationalsecurityagency
Ghidra
risk 0.19cvss 2.9epss —
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during…
CVE-2020-6958Jan 13, 2020
YAJSW
YAJSW
risk 0.00cvss —epss 0.01
An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.