CVE-2026-52752
HIGHGhidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names
Title source: cnaDescription
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-jhc2-q7qf-9c25)
https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-jhc2-q7qf-9c25
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/ghidra-path-traversal-in-extension-installer-via-zip-entry-names
Scores
CVSS v3
7.8
EPSS
0.0016
EPSS Percentile
5.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (3)
nationalsecurityagency/ghidra
< 12.0.2
nationalsecurityagency/ghidra
12.0.2
nsa/ghidra
< 12.0.2
Published
Jun 10, 2026
Tracked Since
Jun 10, 2026