CVE-2026-52751
Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File โ Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.
| CWE | CWE-502 |
| Vendor | nationalsecurityagency |
| Product | ghidra |
| Published | Jun 10, 2026 |
| Last Updated | Jun 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for nationalsecurityagency ghidra
Be the first to know when new high vulnerabilities affecting nationalsecurityagency ghidra are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
nationalsecurityagency / ghidra
0 < 12.1
References
github.com: https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-fgg5-g275-7742 github.com: https://github.com/NationalSecurityAgency/ghidra/commit/91a269103fe5d133c14ec3afa60280dccb94be5c vulncheck.com: https://www.vulncheck.com/advisories/ghidra-remote-code-execution-via-unfiltered-rmi-deserialization-in-shared-project-connection
Credits
๐ @jro-calif