Four Flaws in NSA's Ghidra: Opening a File Can Own Your Box, CVE-2026-52751 and More, Update to 12.1.2
Four serious flaws in NSA's free analysis tool Ghidra (CVE-2026-52751/49498/52754/52758, all CVSS 8.8). The worst, CVE-2026-52751, needs no auth: opening a crafted project file runs arbitrary code. The other three hit Ghidra Server with DB takeover and impersonation. Update to 12.1.2 now.

Makoto Horikawa
Backend Engineer / AWS / Django
Just opening a booby-trapped project file is enough to make programs run on the analyst's machine without permission. Four flaws, including one this serious, have been disclosed at once in Ghidra, the free software-analysis tool published by the U.S. National Security Agency (NSA). The IDs are CVE-2026-52751, CVE-2026-49498, CVE-2026-52754, and CVE-2026-52758, all rated CVSS 8.8 (High).
Ghidra is a tool for "reverse engineering" — pulling compiled apps and malware (malicious programs) apart to study what they do. Since the NSA released it for free in 2019, security researchers, malware analysts, CTF (hacking competition) players, and students worldwide have used it daily, and it has become a staple with over 60,000 GitHub stars.
The one to watch most closely, CVE-2026-52751, needs no login at all: opening a malicious project file via "File → Open Project" executes arbitrary commands the moment it loads, so a solo analyst can hit it directly. The other three target Ghidra Server (shared projects), where teams collaborate, and allow database takeover and impersonation of other users. The fixes shipped in the Ghidra 12.1 line; the current latest is 12.1.2 (released June 6, 2026). If you use Ghidra, update to 12.1.2 now.
What Ghidra Is, and Why "the Analysis Tool Itself Being Targeted" Is So Bad
Ghidra is an analysis environment that "decompiles" executables back into human-readable form so you can study how a program behaves. Antivirus researchers use it to expose malware, companies use it to audit firmware for vulnerabilities, and law enforcement uses it to examine seized samples. In short, its whole job is to safely take apart unknown, dangerous files. That is exactly why a "get owned just by opening a file" hole in the analysis tool itself is so troubling: analysts work every day on the assumption that they are opening files of unknown origin.
The four flaws split into two groups. One is the "you get hit even using it solo" path of CVE-2026-52751. A crafted project file embeds a special ghidra:// URL; the instant you open it, the client performs unsafe "deserialization" of untrusted data, and a gadget chain through the bundled Jython 2.7.4 (Python on Java) runs arbitrary commands. No login needed, and individual users with no shared server are affected.
The other group is the three flaws targeting Ghidra Server, the foundation of team analysis. These hit companies, research teams, and government agencies that share the same analysis project, leading to takeover of the server's PostgreSQL database or impersonation of other users. If you only ever work solo, only 52751 applies; if you run a server, all four apply.
Which Flaw Hits You, by How You Use Ghidra
Hearing "four flaws in Ghidra" doesn't tell you whether it concerns you — that depends on how you use it. Here is the split.
| Usage | CVEs that apply | What happens |
|---|---|---|
| ① Solo, standalone | CVE-2026-52751 | Opening a project from someone else takes over your machine |
| ② Team, Ghidra Server | 52751 + 49498 + 52754 + 52758 | Plus DB takeover, impersonation, theft of analysis assets |
| ③ Updated to 12.1 line | None (patched) | All four addressed. Watch for missed rollouts |
The widest reach is ①. Even with no shared server, it triggers just by opening a project file someone handed you saying "take a look at this sample." In ② team setups, a low-privilege insider — or anyone merely holding one valid certificate — can reach across the whole server and the team's analysis output.
When These Four Are Triggered, What Walks Off the Analyst's Machine
An analyst's machine is where the world's most dangerous files gather. The party that wants it is no abstract "attacker." It is the malware authors who don't want their own malware analyzed, state-sponsored espionage groups stealing "which sample a team has cracked, and how far" to evade detection and pick their next target, fraud rings mailing crafted projects disguised as job-screening or CTF challenges, and disgruntled insiders who want to exceed their team privileges. What's carried off is malware samples mid-analysis, customers' firmware and competitors' binaries held under NDA, the analysis database built over months of function names and vulnerability notes, and the SSH keys and corporate VPN credentials left on the machine. The very act of "opening a project" — something analysts repeat every single day — becomes, in that instant, the trigger that hands control of the machine to the other side.
What follows is severe. If the analysis database leaks, attackers learn how far their malware has been "seen through" and ship a detection-evading rewrite. If vulnerability notes in customer firmware change hands, a map of not-yet-public zero-days passes straight into attacker hands, gets sold on the dark web, and serves as an entry point into the customer's products or infrastructure. They may also pivot from the supposedly isolated analysis environment into the corporate network.
And the responsibility returns to the side doing the analysis. Security firms, CSIRTs, and public agencies contracted to analyze malware or audit firmware will, if they leak the entrusted samples and customer assets, shoulder NDA breaches, notification duties to customers and regulators, and a collapse of trust. That the premise "dangerous files are handled safely in isolation" breaks via the analysis tool itself is the biggest loss — one no CVSS number captures. Whether you can update to the 12.1 line right now decides the safety of the field.
Each of the Four CVEs: Where and What Goes Wrong
The four differ in where they fire and what they require. Let's go through them in order.
CVE-2026-52751: Takeover the Moment You Open a Project (No Login)
CVE-2026-52751 is the most dangerous path of the four. The client side handling the shared-project RMI connection (Java's remote method invocation) deserializes untrusted data without validation, an "unsafe deserialization" problem (CWE-502). An attacker prepares a project file embedding a special ghidra:// URL; when the victim opens it via "File → Open Project," a gadget chain through the bundled Jython 2.7.4 fires and runs arbitrary commands without authentication. Individual users with no shared server are affected too.
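A pre-open triage check a defender can run on a project file before loading it, added here as an example and not part of Ghidra or of this article: it lists every ghidra:// repository reference the file embeds and flags hosts outside an allowlist. It assumes the URL appears as plain text in the .gpr file or the .rep directory; the sample project, hostnames and function names are constructed.

```go
package main

import (
	"net/url"
	"regexp"
	"strings"
)

// Constructed sample of a project file handed in from outside; the real
// .gpr layout is not reproduced, only the embedded URLs matter.
const sampleProject = `<PROJECT NAME="sample"><REPOSITORY URL="ghidra://203.0.113.7:13100/shared"/>
<NOTE>mirror at ghidra://ghidra.corp.example/team</NOTE></PROJECT>`
// A ghidra:// URL ends at whitespace, a quote or an angle bracket.
var ghidraURLRe = regexp.MustCompile(`ghidra://[^\s"'<>]+`)
// RepoRef is one shared-repository reference found in the project.
type RepoRef struct {
	Raw  string
	Host string // host the client would open an RMI session to
	Port string // "" when the URL leaves the port at its default
}

// FindRepoRefs lists every ghidra:// URL in data; an unparseable one is
// kept with only Raw set so a malformed reference is still surfaced.
func FindRepoRefs(data []byte) []RepoRef {
	var refs []RepoRef
	for _, m := range ghidraURLRe.FindAll(data, -1) {
		ref := RepoRef{Raw: string(m)}
		if u, err := url.Parse(ref.Raw); err == nil {
			ref.Host, ref.Port = u.Hostname(), u.Port()
		}
		refs = append(refs, ref)
	}
	return refs
}

// Unexpected returns the references whose host is not in trusted (the team's
// own servers): opening such a project makes the client talk to a server you
// do not control, which is exactly the path CVE-2026-52751 abuses.
func Unexpected(refs []RepoRef, trusted []string) []RepoRef {
	ok := make(map[string]bool, len(trusted))
	for _, h := range trusted {
		ok[strings.ToLower(h)] = true
	}
	var out []RepoRef
	for _, r := range refs {
		if r.Host == "" || !ok[strings.ToLower(r.Host)] {
			out = append(out, r)
		}
	}
	return out
}
```

Run it over a .gpr file and every file under its .rep directory; any hit is a reason to leave the project unopened until the client is on 12.1.2.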
CVE-2026-49498: Seizing the Database's Highest Privilege via Password Change
CVE-2026-49498 is a SQL injection (CWE-89) in Ghidra Server's password-change routine (changePassword() in PostgresFunctionDatabase). Double quotes in a username are interpolated directly into an ALTER ROLE statement, so a logged-in user sending a crafted password-change message can inject arbitrary SQL. The result: seizing PostgreSQL superuser privileges and controlling the entire database. It affects Ghidra 11.0 through versions before 12.1.
CVE-2026-52754: Impersonating Others with a Single Certificate
CVE-2026-52754 is a flaw in signature verification (CWE-347) in PKI authentication (PKIAuthenticationModule.authenticate()). Anyone holding even one certificate signed by a legitimate CA (certificate authority) can impersonate another user by presenting that person's public certificate with a null signature. This enables altering access controls, stealing the team's analysis database, and taking over the server.
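A model of the null-signature check, added here as an example and not taken from Ghidra's PKIAuthenticationModule: the vulnerable variant treats a missing signature as nothing to verify, while the hardened one requires a signature over a server challenge that verifies under the presented certificate's own key. Certificates are reduced to a name and a P-256 public key; all names and functions are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Identity stands in for a presented certificate, reduced to the name it
// carries and its public key (the CA chain check is assumed to have passed).
type Identity struct {
	Name string
	Pub  *ecdsa.PublicKey
}

var ErrAuth = errors.New("authentication rejected")
// AuthenticateVulnerable models the CWE-347 flaw as the page describes it: a
// missing signature is "nothing to verify", so the caller becomes id.Name.
func AuthenticateVulnerable(id Identity, challenge, sig []byte) error {
	if sig == nil {
		return nil
	}
	return verify(id, challenge, sig)
}
// AuthenticateHardened: an absent signature fails, and the signature must
// verify under the presented certificate's key, so another CA-signed
// certificate is no help; only this identity's private key passes.
func AuthenticateHardened(id Identity, challenge, sig []byte) error {
	if len(sig) == 0 || len(challenge) < 32 {
		return ErrAuth
	}
	return verify(id, challenge, sig)
}
func verify(id Identity, challenge, sig []byte) error {
	d := sha256.Sum256(challenge)
	if id.Pub == nil || !ecdsa.VerifyASN1(id.Pub, d[:], sig) {
		return ErrAuth
	}
	return nil
}
// SignChallenge is the client side: sign the server's fresh random challenge
// (never a fixed value, or a captured signature could be replayed).
func SignChallenge(priv *ecdsa.PrivateKey, challenge []byte) ([]byte, error) {
	d := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, priv, d[:])
}
// NewKey makes a P-256 key pair standing in for a user's certificate key.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}
```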
CVE-2026-52758: SQL Injection from the Search Filter
CVE-2026-52758 is a SQL injection (CWE-89) in the filtering mechanism of BSim, which searches for function similarity. User-supplied values are concatenated directly into SQL queries without escaping or parameterization, so a logged-in party can inject arbitrary SQL via the BSim network query protocol — leading to reading, modifying, or deleting data in the backing PostgreSQL.
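The two SQL-injection patterns described above (CVE-2026-49498's role name in ALTER ROLE and CVE-2026-52758's filter value in a BSim query) and their fixes, as an added example in Go that is not Ghidra's code: a vulnerable ALTER ROLE builder beside a hardened one that escapes PostgreSQL identifiers and literals the way quote_ident() and libpq do, and a filter builder that binds the value as a parameter. The role-name allowlist, table name and column names are assumptions, not BSim's real schema.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Defence-in-depth allowlist for role names (assumption: Ghidra user names
// are plain ASCII words; adjust to your own policy).
var roleNameOK = regexp.MustCompile(`^[A-Za-z0-9_.-]{1,63}$`)
// quoteIdent escapes a PostgreSQL identifier like quote_ident(): wrap in
// double quotes, double embedded ones. Identifiers cannot be bound as $1.
func quoteIdent(name string) string {
	return `"` + strings.ReplaceAll(name, `"`, `""`) + `"`
}
// quoteLiteral escapes a string literal like libpq's PQescapeLiteral:
// single quotes are doubled; a backslash forces the E'' form and is doubled.
func quoteLiteral(s string) string {
	s = strings.ReplaceAll(s, `'`, `''`)
	if strings.Contains(s, `\`) {
		return "E'" + strings.ReplaceAll(s, `\`, `\\`) + "'"
	}
	return "'" + s + "'"
}
// VulnerableAlterRole mirrors the CVE-2026-49498 pattern: the user name is
// pasted between double quotes, so a quote inside it ends the identifier.
func VulnerableAlterRole(user, password string) string {
	return fmt.Sprintf(`ALTER ROLE "%s" WITH PASSWORD '%s'`, user, password)
}
// HardenedAlterRole allowlists the name and escapes both values. ALTER ROLE
// is a utility statement and takes no bind parameters, hence the quoting.
func HardenedAlterRole(user, password string) (string, error) {
	if !roleNameOK.MatchString(user) {
		return "", errors.New("role name rejected by allowlist")
	}
	return "ALTER ROLE " + quoteIdent(user) + " WITH PASSWORD " + quoteLiteral(password), nil
}

// BSimFilter shows the fix for the CVE-2026-52758 pattern: the column comes
// from a fixed set and the user's value travels as a $1 bind argument, never
// in the query text. Table and column names are placeholders, not BSim's.
func BSimFilter(column, value string) (string, []any, error) {
	switch column {
	case "function_name", "executable_name", "architecture":
	default:
		return "", nil, errors.New("unknown filter column")
	}
	return "SELECT id FROM functions WHERE " + column + " = $1", []any{value}, nil
}
```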
Affected Versions and Fixes at a Glance
| CVE | Type | Precondition | Impact | Fixed in |
|---|---|---|---|---|
| CVE-2026-52751 | Code execution (deserialization) | None (solo users too) | Opening a crafted project owns the box | 12.1 |
| CVE-2026-49498 | SQL injection | Server, logged-in | DB superuser takeover | 12.1 (11.0+ affected) |
| CVE-2026-52754 | Auth bypass (impersonation) | Server, holds CA cert | Impersonate users, steal analysis assets | 12.1 |
| CVE-2026-52758 | SQL injection (BSim) | Server, logged-in | Read / modify / delete DB data | 12.1 |
The operational call is simple: move to the 12.1 line (latest 12.1.2), which fixes all four. At publication, no listing in the CISA KEV (Known Exploited Vulnerabilities) catalog or reports of active exploitation have been confirmed, but Ghidra is a tool used by people who are themselves prime targets, and the risk jumps the moment proof-of-concept code circulates.
What to Do Right Now
In priority order. This applies whether you use Ghidra solo or run a Ghidra Server for a team.
1. Update to the 12.1 line (latest 12.1.2) immediately. Grab the latest from the official releases page. If you run Ghidra Server, update both the server and the clients.
2. Don't casually open project files of unknown origin. CVE-2026-52751 triggers "just by opening a project." Make it a rule not to open Ghidra project sets (.gpr / .rep) handed to you over social media, email, or forums until you've updated. A standalone binary to analyze and a "project file" someone else built are very different risk levels.
3. Inventory Ghidra Server accounts and certificates. CVE-2026-52754 allows impersonation by anyone with a valid CA-signed certificate. Review issued certificates and user accounts and revoke or delete what you don't need. A sprawl of low-privilege accounts also becomes a foothold for CVE-2026-49498 and 52758.
4. Re-check isolation of the analysis environment. Ghidra is, by design, a tool for handling dangerous files. Do analysis inside a VM or dedicated machine cut off from the internet and the corporate network, and keep no SSH keys or production credentials on the analysis box. Against a "takeover via the tool" like this, isolation is the last line of defense. Because the damage spreads when combined with a local privilege-escalation flaw, keep the analysis machine's OS up to date too.
Timeline
| Date | Event |
|---|---|
| Mar 2019 | NSA releases Ghidra for free; an XXE flaw is found right after launch |
| Jun 6, 2026 | Ghidra 12.1.2 released (the 12.1 line fixes these four) |
| Jun 8, 2026 | Multiple flaws published in GitHub Security Advisories |
| Jun 10, 2026 | Four CVEs (CVSS 8.8) registered in the NVD |
Conclusion: For a Tool That Handles Hazards, the "Safe to Open" Premise Breaks
What these four reveal is the picture in which the very tool meant to safely take apart the hazard that is malware can itself become an entry point for attack just by opening a file. Ghidra has history here: right after its 2019 launch, a vulnerability in analysis projects was pointed out within 24 hours. Analysis tools are fated to receive "inputs an attacker deliberately crafted" every day, so the robustness of their input handling is questioned even more than ordinary apps.
There are two things to do right now: update Ghidra to 12.1.2, and don't open project files of unknown origin until you have. CVE-2026-52751 in particular is a no-authentication path that reaches even individuals with no shared server, so the most dangerous mindset is "I don't use the team features, so this doesn't concern me."
References
- NVD - CVE-2026-52751 (deserialization code execution)
- NVD - CVE-2026-49498 (changePassword SQL injection)
- NVD - CVE-2026-52754 (PKI auth impersonation)
- NVD - CVE-2026-52758 (BSim SQL injection)
- Ghidra Security Advisories (GitHub)
- Ghidra Releases (12.1.2)
- NationalSecurityAgency/ghidra (GitHub repository)
- CISA KEV Catalog