PatchSiren cyber security CVE debrief

CVE-2026-52754 nationalsecurityagency CVE debrief

CVE-2026-52754 is a HIGH-severity vulnerability in Ghidra, a software reverse engineering (SRE) framework developed by the National Security Agency (NSA). The vulnerability exists in the `PKIAuthenticationModule.authenticate()` method, which fails to properly validate certificates with null signatures. This allows an attacker with a valid CA-signed certificate to impersonate any other user, potentially leading to privilege escalation, unauthorized access to sensitive data, and compromise of server integrity.

Vendor: nationalsecurityagency
Product: ghidra
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-10
Original CVE updated: 2026-06-11
Advisory published: 2026-06-10
Advisory updated: 2026-06-11

Who should care

Users of Ghidra versions prior to 12.1 should be aware of this vulnerability and take immediate action to patch their installations. This includes administrators, developers, and security teams responsible for managing and securing software development and reverse engineering tools.

Technical summary

The vulnerability is caused by inadequate validation of certificate signatures in the `PKIAuthenticationModule.authenticate()` method. Specifically, the method fails to reject certificates with null signatures, allowing attackers to bypass authentication and impersonate legitimate users. The vulnerability has a CVSS score of 8.7, indicating a HIGH level of severity.

Defensive priority

High

Recommended defensive actions

  • Upgrade to Ghidra version 12.1 or later to patch the vulnerability.
  • Review and restrict access to sensitive Ghidra features and data.
  • Monitor Ghidra installations for suspicious activity.
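
To act on the upgrade item, the following added example (not part of the advisory or of Ghidra itself) inventories Ghidra installations under a directory and flags those older than 12.1. It assumes the release-archive layout in which each install keeps its version in Ghidra/application.properties under the application.name and application.version keys; the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

FIXED = (12, 1)  # first fixed release, per the advisory text above

def parse_properties(text):
    """Parse key=value lines of a Java .properties file, skipping comments."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def version_tuple(version):
    """'12.0.4' -> (12, 0, 4). Any '-suffix' is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version.split("-")[0]))

def is_affected(version):
    """True when version < 12.1. Compared numerically, so 9.2 < 12.1.
    A missing or unparsable version is reported as affected (fail closed)."""
    v = version_tuple(version)
    if not v:
        return True
    width = max(len(v), len(FIXED))
    pad = lambda t: t + (0,) * (width - len(t))  # 12.1 == 12.1.0
    return pad(v) < pad(FIXED)

def audit(root):
    """Return sorted (install_dir, version, affected) tuples found under root."""
    # Assumption: <install>/Ghidra/application.properties identifies an install.
    results = []
    for props_file in Path(root).rglob("Ghidra/application.properties"):
        props = parse_properties(props_file.read_text(errors="replace"))
        if props.get("application.name") != "Ghidra":
            continue
        version = props.get("application.version", "")
        install = str(props_file.parent.parent)
        results.append((install, version, is_affected(version)))
    return sorted(results)

if __name__ == "__main__":
    for install, version, affected in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if affected else 'ok':9} {version or '?':10} {install}")
```

Run it against the directory tree where tools are unpacked; hosts running Ghidra Server with PKI authentication are the ones to upgrade first.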

Evidence notes

The CVE record and associated metadata provide evidence of the vulnerability's existence and impact. The vendor, NSA, has released patches for the vulnerability, which are available on GitHub.

Official resources

CVE-2026-52754 was published on 2026-06-10T14:16:35.603Z and modified on 2026-06-11T19:52:14.750Z.