Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2026-52751— Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection

CVSS 8.8 · High EPSS 0.56% · P42

Affected Version Matrix 2

VendorProductVersion RangeStatus
nationalsecurityagencyghidra< 12.1affected
12.1unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-52751

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
National Security Agency Ghidra 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
National Security Agency Ghidra是美国国家安全局(National Security Agency)的一款软件逆向工程(SRE)框架。 National Security Agency Ghidra 12.1之前版本存在代码问题漏洞,该漏洞源于客户端共享项目RMI连接代码中存在不安全反序列化,导致攻击者通过恶意项目文件执行远程代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nationalsecurityagencyghidra 0 ~ 12.1 -

II. Public POCs for CVE-2026-52751

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-52751

登录查看更多情报信息。

Patches & Fixes for CVE-2026-52751 (1)

Vendor Advisories for CVE-2026-52751 (2)

Same Patch Batch · nationalsecurityagency · 2026-06-10 · 14 CVEs total

CVE-2026-527588.8 HIGHGhidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search
CVE-2026-527548.8 HIGHGhidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule
CVE-2026-494988.8 HIGHGhidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username
CVE-2026-527557.8 HIGHGhidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import
CVE-2026-527507.8 HIGHGhidra < 12.1- Command Injection via URL Annotation Click
CVE-2026-527527.8 HIGHGhidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names
CVE-2026-494966.1 MEDIUMGhidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallo
CVE-2026-527535.5 MEDIUMGhidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol
CVE-2026-494955.5 MEDIUMGhidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser
CVE-2026-527564.8 MEDIUMGhidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server
CVE-2026-527574.4 MEDIUMGhidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation
CVE-2026-494973.3 LOWGhidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution
CVE-2024-583502.9 LOWGhidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order

IV. Related Vulnerabilities

Same product: ghidra
Same vendor: nationalsecurityagency
Same weakness: CWE-502

V. Comments for CVE-2026-52751

No comments yet

Leave a comment