PatchSiren

NSA CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH NSA CVE published 2026-06-10

CVE-2026-52752

CVE-2026-52752 is a path traversal vulnerability in Ghidra, a software reverse engineering (SRE) framework developed by the National Security Agency (NSA). The vulnerability exists in the extension installer and occurs when it fails to properly validate ZIP entry names during extraction. This allows attackers to craft malicious extensions with traversal sequences (e.g., ../ in filenames) to write arbitrar [truncated]

MEDIUM NSA CVE published 2026-04-28

CVE-2026-6807

CVE-2026-6807 is a medium-severity information exposure issue affecting NSA GRASSMARLIN v3.2.1. According to CISA’s advisory, crafted session data can trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The advisory also states that GRASSMARLIN has reached end-of-life status and is no longer supported, so no patch or further update is expected.