PatchSiren cyber security CVE debrief
CVE-2026-52756 nationalsecurityagency CVE debrief
CVE-2026-52756 is a MEDIUM-severity vulnerability in Ghidra before 12.2. The vulnerability is caused by the IsfServer accepting TCP connections and passing client-supplied namespace strings directly to filesystem operations without validation. This allows remote attackers to connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.
- Vendor: nationalsecurityagency
- Product: ghidra
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-12
Who should care
Users of Ghidra before version 12.2
Technical summary
The vulnerability has a CVSS score of 6.3 and is classified as CWE-22. The affected product is Ghidra, a software reverse engineering (SRE) framework developed by the National Security Agency (NSA).
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade Ghidra to version 12.2 or later
- Restrict access to port 54321 to trusted sources only
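To check the second action on a Linux host, the following added example (not part of the advisory or of Ghidra) filters `ss -ltn` style output for TCP listeners on port 54321 that are bound to anything other than loopback. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report listeners on the IsfServer port named in the advisory
# that are reachable beyond loopback.
PORT=54321

# Reads `ss -ltn` style lines on stdin and prints each non-loopback local
# address that is listening on $PORT, one per line. Prints nothing if the
# port is closed or bound to loopback only.
exposed_listeners() {
    awk -v port="$PORT" '
    $1 == "LISTEN" {
        la = $4                               # Local Address:Port column
        n = split(la, parts, ":")
        if (parts[n] != port) next            # port is the text after the last colon
        addr = substr(la, 1, length(la) - length(parts[n]) - 1)
        sub(/%.*$/, "", addr)                 # drop interface scope such as %lo
        sub(/^\[/, "", addr)                  # drop IPv6 brackets
        sub(/\]$/, "", addr)
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print addr
    }'
}

# Constructed sample input in the layout printed by `ss -ltn`.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     *:54321            *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      50     127.0.0.1:54321    0.0.0.0:*
LISTEN 0      50     [::1]:54321        [::]:*
LISTEN 0      50     192.0.2.10:54321   0.0.0.0:*
LISTEN 0      50     [::ffff:127.0.0.1]:54321 *:*
EOF
}

# Demonstration on the constructed sample; prints "*" and "192.0.2.10".
sample_ss_output | exposed_listeners
```

On a live host, run `ss -ltn | exposed_listeners`; any address it prints is a bind that should be firewalled to trusted sources or closed until Ghidra is upgraded to 12.2 or later.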
Evidence notes
Evidence from the National Vulnerability Database (NVD) and the CVE.org record
Official resources
- CVE-2026-52756 CVE record: CVE.org
- CVE-2026-52756 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Exploit, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory
CVE-2026-52756 was published on 2026-06-10T14:16:35.880Z and modified on 2026-06-12T01:18:06.387Z.