CVE-2026-52752
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences, allowing arbitrary file writes outside the intended directory.
Risk Assessment
This vulnerability could lead to arbitrary code execution on the system, posing a significant security risk to the organization.
Recommendation
It is recommended to update Ghidra to version 12.0.2 or later to mitigate this vulnerability.
Original NVD description (English source)
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.

