Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names
CVE-2026-52752

8.4HIGH

Key Information:

Vendor: Nationalsecurityagency
Status: Ghidra
Vendor: CVE Published:; 10 June 2026

🔔 Create Nationalsecurityagency Vulnerability Alert

What is CVE-2026-52752?

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.

Affected Version(s)

ghidra 0 < 12.0.2

ghidra 12.0.2

References

https://github.com/NationalSecurityAgency/ghidra/security...

vendor-advisory

https://www.vulncheck.com/advisories/ghidra-path-traversa...

third-party-advisory

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Jun 8, 2026

Credit

@PrasanthSundararajan69

Fin (@Finder16)

CVE-2026-52752 Data

JSON