Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import
CVE-2026-52755

8.4HIGH

Key Information:

Vendor: Nationalsecurityagency
Status: Ghidra
Vendor: CVE Published:; 10 June 2026

🔔 Create Nationalsecurityagency Vulnerability Alert

What is CVE-2026-52755?

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensitive files like .bashrc or .ssh/authorized_keys.

Affected Version(s)

ghidra 0 < 12.0.4

ghidra 12.0.4

References

https://github.com/NationalSecurityAgency/ghidra/security...

vendor-advisory

https://www.vulncheck.com/advisories/ghidra-path-traversa...

third-party-advisory

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Jun 8, 2026

Credit

@PrasanthSundararajan69

CVE-2026-52755 Data

JSON