CVE-2026-52751
HIGHGhidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection
Title source: cnaDescription
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-fgg5-g275-7742)
https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-fgg5-g275-7742
Patch patch
Patch Commit
https://github.com/NationalSecurityAgency/ghidra/commit/91a269103fe5d133c14ec3afa60280dccb94be5c
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/ghidra-remote-code-execution-via-unfiltered-rmi-deserialization-in-shared-project-connection
Scores
CVSS v3
8.8
EPSS
0.0056
EPSS Percentile
42.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-502
Status
published
Products (3)
nationalsecurityagency/ghidra
< 12.1
nationalsecurityagency/ghidra
12.1
nsa/ghidra
< 12.1
Published
Jun 10, 2026
Tracked Since
Jun 10, 2026