PatchSiren cyber security CVE debrief

CVE-2026-52750 nationalsecurityagency CVE debrief

CVE-2026-52750 is a command injection vulnerability in Ghidra before 12.1. The flaw lies in URL annotation handling on Windows, where cmd.exe metacharacters in a URL are not properly escaped before the URL is handed to the shell. An attacker who can embed a crafted URL in a program comment can therefore execute arbitrary commands with the privileges of the Ghidra user once a victim clicks that URL.

Vendor: nationalsecurityagency
Product: ghidra
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-10
Original CVE updated: 2026-06-11
Advisory published: 2026-06-10
Advisory updated: 2026-06-11

Who should care

Anyone running Ghidra on Windows at a version before 12.1, particularly analysts who open programs, projects or comments from untrusted sources, should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The vulnerability has a CVSS score of 8.4 and is classified as HIGH severity. It is exploitable only on Windows, because the injection relies on cmd.exe metacharacters that are not escaped. The Common Weakness Enumeration (CWE) for this vulnerability is CWE-88, Improper Neutralization of Argument Delimiters in a Command ('Argument Injection').

Defensive priority

HIGH

Recommended defensive actions

  • Update Ghidra to version 12.1 or later, which corrects the escaping of URL annotations.
  • Until then, be cautious when clicking URLs in program comments, especially in programs or projects received from untrusted sources.
  • Where updating is delayed, consider additional controls that monitor or restrict how Ghidra is allowed to open URLs.

Evidence notes

The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available in the vendor advisory at [ref-4] and third-party advisory at [ref-5].

Official resources

CVE-2026-52750 was published on 2026-06-10T14:16:35.050Z and modified on 2026-06-11T19:51:01.647Z.