CVE-2026-52754
8.8 HIGHGhidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a ...
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-347
Description
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-52754
- [Other]https://github.com/NationalSecurityAgency/ghidra/commit/78729379e471bbb3d969409be6a8c3d24af84220
- [Other]https://github.com/NationalSecurityAgency/ghidra/commit/79d8f164f8bb8b15cfb60c5d4faeb8e1c25d15ca
- [Other]https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-5wxq-7qpv-65p2
- [Other]https://www.vulncheck.com/advisories/ghidra-authentication-bypass-via-null-signature-in-pkiauthenticationmodule
Related CVEs
Same CWE
- CVE-2026-42462 — Fedify is a TypeScript library for building federated server apps powered by ActivityPub (7.0 HIGH)
- CVE-2026-41694 — Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a val... (3.7 LOW)
- CVE-2026-36721 — A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentica... (9.8 CRITICAL)
- CVE-2026-44748 — SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed ... (9.9 CRITICAL)
- CVE-2026-45614 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.7 MEDIUM)