CVE-2026-52752
7.8 HIGH
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CVSS: 7.8 HIGH
- Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE: CWE-22
Description
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.
Source: NVD
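The missing control the description names is entry-name validation before extraction. The following is an added example, not Ghidra's own installer code and not taken from the advisory: it shows a Zip-Slip check that resolves every entry against the destination directory and refuses the whole archive if any entry would land outside it. The archive contents, the `MyExt` extension name and the `Extensions` directory are constructed sample values.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def is_safe_entry(dest_dir: str, entry_name: str) -> bool:
    """Return True only if entry_name resolves to a path inside dest_dir."""
    # Reject absolute names and backslashes outright: an archive written on
    # another platform can carry '..\\' that a '/'-only check would not notice.
    if entry_name.startswith(("/", "\\")) or "\\" in entry_name:
        return False
    dest_root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_root, entry_name))
    # Compare with a trailing separator so /opt/ext does not match /opt/ext-evil.
    return target == dest_root or target.startswith(dest_root + os.sep)


def extract_extension(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract an extension archive, refusing any entry that escapes dest_dir.

    Every entry name is validated before anything is written, so a malicious
    archive leaves no partially extracted files behind.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = [n for n in zf.namelist() if not is_safe_entry(dest_dir, n)]
        if bad:
            raise ValueError(f"refusing archive: unsafe entry names {bad}")
        written = []
        for info in zf.infolist():
            target = Path(dest_dir, info.filename)
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
        return written


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from constructed sample entries (not a real extension)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives: one well-formed, one carrying a traversal entry.
BENIGN = build_archive({
    "MyExt/Module.manifest": b"constructed manifest\n",
    "MyExt/extension.properties": b"name=MyExt\n",
})
MALICIOUS = build_archive({
    "MyExt/Module.manifest": b"constructed manifest\n",
    "../../evil.sh": b"#!/bin/sh\necho constructed payload\n",
})


def demo() -> dict:
    """Run both archives against a scratch directory and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "ghidra", "Extensions")
        os.makedirs(dest)
        results["benign"] = extract_extension(BENIGN, dest)
        try:
            extract_extension(MALICIOUS, dest)
            results["malicious"] = "extracted"
        except ValueError:
            results["malicious"] = "rejected"
        # ../../evil.sh relative to <tmp>/ghidra/Extensions would land at <tmp>/evil.sh
        results["escaped"] = os.path.exists(os.path.join(tmp, "evil.sh"))
    return results


if __name__ == "__main__":
    print(demo())
```

Checking all names first and then extracting is deliberate: validating each entry just before writing it still works, but an archive that mixes benign and traversal entries would then be half-installed when the error fires. The `realpath` comparison also handles `MyExt/../../x` style names that a plain `startswith("../")` test misses.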
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-52752
- [Other] https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-jhc2-q7qf-9c25
- [Other] https://www.vulncheck.com/advisories/ghidra-path-traversal-in-extension-installer-via-zip-entry-names
Related CVEs
Same CWE
- CVE-2026-52726 — Dulwich is a pure-Python implementation of the Git file formats and protocols (7.5 HIGH)
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-47712 — Dulwich is a pure-Python implementation of the Git file formats and protocols (3.3 LOW)
- CVE-2026-46703 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (9.6 CRITICAL)
- CVE-2026-42305 — Dulwich is a pure-Python implementation of the Git file formats and protocols (8.8 HIGH)