CVE-2026-52756
6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
Summary
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nationalsecurityagency | ghidra | 0 < 12.2 | affected |
| nationalsecurityagency | ghidra | 12.2 | unaffected |
Weaknesses
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8pr2-46mf-v2r2
- https://www.vulncheck.com/advisories/ghidra-unauthenticated-path-traversal-in-debugger-isf-server
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.