Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server
CVE-2026-52756

6.3MEDIUM

Key Information:

Vendor: Nationalsecurityagency
Status: Ghidra
Vendor: CVE Published:; 10 June 2026

🔔 Create Nationalsecurityagency Vulnerability Alert

What is CVE-2026-52756?

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.

Affected Version(s)

ghidra 0 < 12.2

ghidra 12.2

References

https://github.com/NationalSecurityAgency/ghidra/security...

vendor-advisory

https://www.vulncheck.com/advisories/ghidra-unauthenticat...

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Jun 8, 2026

Credit

Sean Nejad (@allsmog)

CVE-2026-52756 Data

JSON