CVE-2026-52752 is a path traversal vulnerability in Ghidra, a software reverse engineering (SRE) framework developed by the National Security Agency (NSA). The vulnerability exists in the extension installer and occurs when it fails to properly validate ZIP entry names during extraction. This allows attackers to craft malicious extensions with traversal sequences (e.g., ../ in filenames) to write arbitrar [truncated]
CVE-2026-6807 is a medium-severity information exposure issue affecting NSA GRASSMARLIN v3.2.1. According to CISA’s advisory, crafted session data can trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The advisory also states that GRASSMARLIN has reached end-of-life status and is no longer supported, so no patch or further update is expected.