CVE Catalog

CVE-2026-52751

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.09%

26th percentile - higher than 26% of all known CVEs

Summary

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.

Risk Assessment

This vulnerability poses a serious risk to organizations as it allows attackers to remotely execute code on user systems, potentially leading to data loss or system takeover.

Recommendation

It is recommended to update Ghidra to version 12.1 or later to mitigate this vulnerability. Additionally, avoid opening unknown or suspicious project files.

Original NVD description (English source)

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS