PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-52755 nationalsecurityagency CVE debrief

CVE-2026-52755 is a path traversal vulnerability in Ghidra before 12.0.4. It exists in the theme import functionality and allows attackers to write files outside the intended theme directory. An attacker can craft a malicious theme ZIP file with traversal sequences in its filenames to execute arbitrary code or to modify sensitive files such as .bashrc or .ssh/authorized_keys. The vulnerability has a CVSS score of 8.4 (HIGH severity).

Vendor: nationalsecurityagency
Product: ghidra
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-10
Original CVE updated: 2026-06-11
Advisory published: 2026-06-10
Advisory updated: 2026-06-11

Who should care

Users of Ghidra versions before 12.0.4 are affected and should apply the mitigations listed under Recommended defensive actions.

Technical summary

The vulnerability is caused by a path traversal issue in the theme import functionality of Ghidra. This allows attackers to write files outside the intended theme directory, potentially leading to arbitrary code execution or modification of sensitive files.

Defensive priority

HIGH

Recommended defensive actions

  • Update Ghidra to version 12.0.4 or later.
  • Use caution when importing themes from untrusted sources.
  • Monitor for suspicious activity related to theme imports.
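
An added example, not Ghidra's code and not part of the advisory: a pre-import check that lists the entries of a theme ZIP whose names would resolve outside the extraction directory. It assumes entries are written relative to a single theme directory; the function names are hypothetical and the archive contents are constructed sample data.

```python
import io
import posixpath
import zipfile


def unsafe_entries(zip_source):
    """Return the names of ZIP entries that would land outside the extraction root."""
    flagged = []
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            raw = info.orig_filename           # name exactly as stored in the archive
            name = raw.replace("\\", "/")      # treat Windows separators as separators
            # Absolute POSIX path or a drive-letter path such as C:/...
            is_absolute = name.startswith("/") or (len(name) > 1 and name[1] == ":")
            # Resolve against a virtual root and check that the result stays beneath it
            resolved = posixpath.normpath(posixpath.join("/root", name))
            escapes = not (resolved == "/root" or resolved.startswith("/root/"))
            if is_absolute or escapes:
                flagged.append(raw)
    return flagged


def build_sample():
    """Constructed sample archive: two benign entries and three that leave the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mytheme.theme", "benign")
        zf.writestr("images/icon.png", "benign")
        zf.writestr("../../.bashrc", "placeholder")
        zf.writestr("..\\..\\.ssh\\authorized_keys", "placeholder")
        zf.writestr("/tmp/abs.txt", "placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry in unsafe_entries(build_sample()):
        print("entry escapes the theme directory:", entry)
```

Running the same function over a theme file received from someone else, before importing it, gives a quick triage signal on versions that cannot yet be updated.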

Evidence notes

The vulnerability is documented in the CVE record [cve-org] and the NVD detail page [nvd]. Additional information can be found in the vendor advisory [ref-4] and third-party advisory [ref-5].

Official resources

CVE-2026-52755 was published on 2026-06-10T14:16:35.747Z and modified on 2026-06-11T19:52:18.757Z.