Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule
CVE-2026-52754

8.7HIGH

Key Information:

Vendor

Nationalsecurityagency

Status
Ghidra
Vendor
CVE Published:
10 June 2026

What is CVE-2026-52754?

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.

Affected Version(s)

ghidra 0 < 12.1

ghidra 12.1

References

https://github.com/NationalSecurityAgency/ghidra/security...
vendor-advisory
https://github.com/NationalSecurityAgency/ghidra/commit/7...
patch
https://github.com/NationalSecurityAgency/ghidra/commit/7...
patch

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

@jro-calif
Sean Nejad (@allsmog)
.