Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2026-52750— Ghidra < 12.1- Command Injection via URL Annotation Click

CVSS 7.8 · High EPSS 0.50% · P39

Affected Version Matrix 2

VendorProductVersion RangeStatus
nationalsecurityagencyghidra< 12.1affected
12.1unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-52750

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Ghidra < 12.1- Command Injection via URL Annotation Click
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
参数注入或修改
Source: NVD (National Vulnerability Database)
Vulnerability Title
NSA Ghidra 参数注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NSA Ghidra是美国国家安全局(National Security Agency)的一款开源逆向工程工具。 NSA Ghidra 12.1之前版本存在参数注入漏洞,该漏洞源于URL注释处理中未正确转义cmd.exe元字符,导致攻击者通过嵌入恶意URL触发命令注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nationalsecurityagencyghidra 0 ~ 12.1 -

II. Public POCs for CVE-2026-52750

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-52750

登录查看更多情报信息。

Vendor Advisories for CVE-2026-52750 (1)

Same Patch Batch · nationalsecurityagency · 2026-06-10 · 14 CVEs total

CVE-2026-527518.8 HIGHGhidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project
CVE-2026-527588.8 HIGHGhidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search
CVE-2026-527548.8 HIGHGhidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule
CVE-2026-494988.8 HIGHGhidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username
CVE-2026-527557.8 HIGHGhidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import
CVE-2026-527527.8 HIGHGhidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names
CVE-2026-494966.1 MEDIUMGhidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallo
CVE-2026-527535.5 MEDIUMGhidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol
CVE-2026-494955.5 MEDIUMGhidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser
CVE-2026-527564.8 MEDIUMGhidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server
CVE-2026-527574.4 MEDIUMGhidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation
CVE-2026-494973.3 LOWGhidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution
CVE-2024-583502.9 LOWGhidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order

IV. Related Vulnerabilities

Same product: ghidra
Same vendor: nationalsecurityagency
Same weakness: CWE-88

V. Comments for CVE-2026-52750

No comments yet

Leave a comment