CVE-2026-52756
MediumCVSS 4.8Exploitation Probability (EPSS)
Low risk38th percentile — higher than 38% of all known CVEs
Summary
Ghidra before version 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.
Risk Assessment
This vulnerability allows attackers to access sensitive data in the filesystem, potentially leading to information disclosure or further attacks on the organization's infrastructure.
Recommendation
It is recommended to update Ghidra to version 12.2 or later and implement appropriate security measures to restrict access to port 54321.
Original NVD description (English source)
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.

