PatchSiren

CVE-2026-52752 NSA CVE debrief

CVE-2026-52752 is a path traversal vulnerability in Ghidra, a software reverse engineering (SRE) framework developed by the National Security Agency (NSA). The flaw is in the extension installer, which fails to properly validate ZIP entry names during extraction. An attacker can craft a malicious extension whose entry names contain traversal sequences (e.g., ../ in filenames) to write arbitrary files outside the intended directory. Successful exploitation enables code execution on the affected system.

Vendor: NSA
Product: Ghidra
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-10
Original CVE updated: 2026-06-11
Advisory published: 2026-06-10
Advisory updated: 2026-06-11

Who should care

Security teams and administrators responsible for Ghidra installations, particularly in environments where the software is used for sensitive or critical tasks, should prioritize patching this vulnerability.

Technical summary

CVE-2026-52752 has a CVSS score of 8.4 (HIGH) and affects Ghidra versions prior to 12.0.2. It is classified as CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
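The entry-name containment check that CWE-22 calls for can be applied to an extension archive before it is handed to the installer. The following is an added example, not Ghidra's code or its fix; the function names and the sample entry names are constructed for illustration.

```python
import posixpath
import zipfile
from pathlib import PureWindowsPath


def entry_escapes(name):
    """Return True if a ZIP entry name would resolve outside the extraction root."""
    # ZIP names use "/", but some extractors also honour "\" on Windows.
    norm = name.replace("\\", "/")
    # Absolute paths, UNC paths and drive-letter paths ignore the root entirely.
    if norm.startswith("/") or PureWindowsPath(name).drive:
        return True
    # Collapse "." and ".." components, then see whether anything is left
    # pointing above the root ("a/../../b" collapses to "../b").
    resolved = posixpath.normpath(norm)
    return resolved == ".." or resolved.startswith("../")


def audit_extension_zip(archive):
    """List entry names in an archive (path or file object) that escape the root."""
    with zipfile.ZipFile(archive) as zf:
        return [n for n in zf.namelist() if entry_escapes(n)]


# Constructed sample entry names, not taken from any real extension.
SAMPLE_NAMES = [
    "SampleExt/extension.properties",
    "SampleExt/lib/plugin.jar",
    "SampleExt/data/../README.txt",   # ".." that stays inside the root
    "SampleExt/../../outside.txt",    # climbs above the root
    "..\\outside.txt",                # backslash variant
    "/tmp/outside.txt",               # absolute path
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print("REJECT" if entry_escapes(n) else "ok    ", n)
```

A non-empty result from `audit_extension_zip` means the archive should not be installed. The check covers entry names only and does not replace upgrading to 12.0.2 or later.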

Defensive priority

HIGH

Recommended defensive actions

  • Apply the official patch: Upgrade Ghidra to version 12.0.2 or later.
  • Restrict access to the Ghidra extension installer to trusted users only.
  • Monitor Ghidra installations for suspicious activity or unauthorized extensions.

Evidence notes

The CVE-2026-52752 record was published on [cve-org] and details can be found on the NVD website [nvd]. Additional information and mitigation strategies are provided in vendor advisories [ref-4] and [ref-5].

Official resources

CVE-2026-52752 was published on 2026-06-10T14:16:35.337Z and modified on 2026-06-11T19:52:02.027Z.