HIGH 7.8

CVE-2026-52750: Ghidra Windows Command Injection via URL Annotation

Ghidra, the reverse-engineering toolkit maintained by the NSA, has a vulnerability in how it handles URLs embedded in program annotations on Windows systems. If a researcher opens a Ghidra project containing a malicious URL hidden in a code comment and clicks that URL, an attacker can run arbitrary commands on their machine with the same privileges as the Ghidra user. The vulnerability affects Ghidra versions before 12.1 and requires user interaction—an analyst must click the embedded link for the attack to succeed.

Source data · NVD / CISA · public domain

CVSS
3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-88
Affected products
1 configuration(s)
Published / Modified
2026-06-10 / 2026-07-14

NVD description (verbatim)

Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-52750 is a command injection flaw (CWE-88) in Ghidra's URL annotation handling mechanism on Windows platforms. The vulnerability stems from insufficient escaping of cmd.exe metacharacters when processing URLs in program comments. An attacker can craft a malicious URL containing shell metacharacters that, when clicked by a user, are passed unsanitized to the Windows command interpreter. This allows execution of arbitrary commands in the security context of the Ghidra process. The attack vector is local; the malicious URL must be embedded in a project file that a victim opens and interacts with.

Business impact

For security teams and reverse-engineering groups, this vulnerability poses a containment risk. Analysts working with untrusted binaries or samples from external sources could inadvertently execute attacker-controlled code while investigating malware or reviewing third-party libraries. Compromised analyst workstations may expose sensitive reverse-engineering results, internal tooling, or credentials. Organizations relying on Ghidra for malware analysis or vulnerability research should prioritize patching to prevent supply-chain-adjacent attacks where malicious samples are weaponized to compromise analysis infrastructure.

Affected systems

The vulnerability affects NSA Ghidra versions prior to 12.1 on Windows systems. The Windows-specific nature of the flaw relates to cmd.exe metacharacter handling; Unix-like platforms are not impacted. Any deployment of Ghidra on Windows—whether standalone analyst workstations, centralized analysis labs, or CI/CD pipelines processing untrusted binaries—is in scope. Verify your installed version against the vendor's release notes to confirm whether your deployment requires patching.

Exploitability

Exploitation requires user interaction; an attacker cannot remotely trigger the vulnerability. An analyst must click a specially crafted URL embedded in a Ghidra project's annotation or comment field. The barrier to exploitation is relatively low once a malicious project reaches a target, particularly in scenarios where analysts routinely examine samples from untrusted sources or share projects within teams. The attack is not self-propagating and does not exploit a network service, limiting spread to scenarios where weaponized .gpr files or shared projects circulate.

Remediation

Upgrade Ghidra to version 12.1 or later. This release addresses the command injection vulnerability by properly escaping shell metacharacters in URL handling on Windows. Organizations should verify their current deployment version and schedule patching during a maintenance window. After patching, confirm that analysts do not retain cached or archived Ghidra projects containing known malicious URLs, as the vulnerability would still apply if projects are reopened in unpatched instances.

Patch guidance

Apply the Ghidra 12.1 update from the NSA's official repository (GitHub or the project's distribution channels). Verify the version string in Ghidra's About dialog to confirm successful patching. Test the patched version in a non-production environment with a sample malicious URL in an annotation to ensure the fix is effective before full deployment. Establish a process to notify analysts of the patch availability and enforce upgrades on shared analysis systems.

Detection guidance

Monitor file system activity on Windows systems running Ghidra for unexpected child processes spawned from ghidra.exe or java.exe processes (which Ghidra uses). Look for cmd.exe invocations with unusual arguments or those spawned from Ghidra processes when analysts are not actively compiling or executing analysis scripts. Endpoint Detection and Response (EDR) solutions should flag suspicious command-line patterns emerging from Ghidra's process tree. Review Ghidra project files (.gpr, associated binary formats) in malware sandboxes or static analysis to identify embedded URLs with cmd.exe metacharacters, particularly pipes (|), redirects (>, <), or logical operators (&&, ||).

Why prioritize this

This vulnerability merits HIGH priority because it directly compromises analyst workstations handling sensitive or untrusted content. While user interaction is required, the consequence of exploitation—full code execution under analyst privileges—is severe. In organizations conducting incident response, malware analysis, or security research, a compromised analyst system cascades into broader infrastructure risks. The attack is low-effort to deliver (embed a URL in a comment) and high-impact (command execution), making it an attractive vector for advanced adversaries targeting research or incident response teams.

Risk score, explained

The CVSS 3.1 score of 7.8 (HIGH) reflects the balance between required user interaction and the severity of command execution. The vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates local attack vector (code runs where Ghidra is installed), low complexity (no special conditions needed once the project is opened), no privileges required, required user interaction (clicking the URL), unchanged scope, and high confidentiality, integrity, and availability impact. The score appropriately penalizes the user-interaction requirement while acknowledging that successful exploitation results in complete system compromise from the Ghidra user's perspective.

Frequently asked questions

Can this vulnerability be exploited remotely without physical access to the analyst's machine?

No. The attack requires a malicious Ghidra project file to be opened and a URL in that file to be clicked by the analyst. An attacker cannot trigger the vulnerability over the network directly; they must distribute the weaponized project file through channels the analyst trusts or will open (e.g., via email, shared drive, or a malware sample submission).

Does this vulnerability affect Ghidra on Linux or macOS?

No. The vulnerability is specific to Windows because it exploits cmd.exe metacharacter handling. Ghidra on Linux and macOS use different URL handling mechanisms and are not vulnerable. However, users of those platforms should still update to 12.1 or later for other security improvements and to maintain consistency across deployments.

If an analyst clicks a malicious URL in an unpatched version, what commands could an attacker execute?

Any command that the analyst's Windows user account can execute. This includes writing files, modifying system settings, launching additional malware, exfiltrating data, or pivoting to other systems on the network. The attacker's capabilities are bounded only by the analyst's user permissions and network access.

Should we disable URL clicking in Ghidra until we can patch?

Disabling URL handling in Ghidra may not be a straightforward configuration option. Instead, prioritize patching to 12.1 immediately and, in the interim, train analysts to avoid clicking embedded URLs in untrusted or unfamiliar Ghidra projects. Review any externally sourced projects for suspicious annotations before opening them.

This analysis is provided for informational purposes and represents SEC.co's interpretation of the published CVE data and vendor advisories. Security teams should verify all technical details, affected version ranges, and patch availability directly with the NSA Ghidra project documentation and release notes. The presence or absence of an exploit in the wild, weaponized proof-of-concept code, or inclusion on the CISA Known Exploited Vulnerabilities (KEV) catalog should not be assumed based on this analysis alone. Organizations should conduct internal testing and validate patches in their own environments before full deployment. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).