CVE Catalog

CVE-2026-52756

MediumCVSS 4.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

38th percentile — higher than 38% of all known CVEs

Summary

Ghidra before version 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.

Risk Assessment

This vulnerability allows attackers to access sensitive data in the filesystem, potentially leading to information disclosure or further attacks on the organization's infrastructure.

Recommendation

It is recommended to update Ghidra to version 12.2 or later and implement appropriate security measures to restrict access to port 54321.

Original NVD description (English source)

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS