CVE-2026-52752

HIGH 7.8

Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.

CWE	CWE-22
Vendor	nationalsecurityagency
Product	ghidra
Published	Jun 10, 2026

Stay Ahead of the Next One

Get instant alerts for nationalsecurityagency ghidra

Be the first to know when new high vulnerabilities affecting nationalsecurityagency ghidra are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

nationalsecurityagency / ghidra

0 < 12.0.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-jhc2-q7qf-9c25 vulncheck.com: https://www.vulncheck.com/advisories/ghidra-path-traversal-in-extension-installer-via-zip-entry-names

Credits

🔍 @PrasanthSundararajan69 Fin (@Finder16)