CVE-2026-52751
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk26th percentile - higher than 26% of all known CVEs
Summary
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.
Risk Assessment
This vulnerability poses a serious risk to organizations as it allows attackers to remotely execute code on user systems, potentially leading to data loss or system takeover.
Recommendation
It is recommended to update Ghidra to version 12.1 or later to mitigate this vulnerability. Additionally, avoid opening unknown or suspicious project files.
Original NVD description (English source)
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.

