CVE-2026-52751: Ghidra Unsafe Deserialization Remote Code Execution (CVSS 8.8)
Ghidra, the NSA's open-source reverse-engineering toolkit, contains a critical flaw in how it handles project files shared over its network protocol. When you open a malicious project file (identified by a ghidra:// link), the application deserializes untrusted data without proper validation. An attacker can exploit this to run arbitrary commands on your machine with the privileges of your Ghidra process. The vulnerability affects all versions before 12.1 and requires only that a user click to open a file—no special authentication or configuration is needed.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-502
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-10 / 2026-07-14
NVD description (verbatim)
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-52751 is an unsafe deserialization vulnerability in Ghidra's client-side Shared-Project RMI (Remote Method Invocation) connection handling. The vulnerability exists in code that processes project files referenced by ghidra:// URLs. When deserialization occurs, attackers can inject a Jython 2.7.4 gadget chain—a sequence of serialized Java objects that, when reconstructed, trigger arbitrary command execution. The lack of input validation or object type filtering during deserialization enables remote code execution without prior authentication. The attack vector is network-based and requires user interaction (opening a project file), but succeeds reliably against unpatched versions.
Business impact
Organizations using Ghidra for malware analysis, binary reversing, or security research face direct compromise of analyst workstations. An attacker can distribute a malicious .ghidra project file or craft a ghidra:// link and socially engineer analysts to open it, gaining code execution in the context of the analyst's user account. This could expose sensitive analysis work, exfiltrate reverse-engineering intelligence, or pivot to internal systems. For security teams relying on Ghidra in air-gapped or sensitive environments, this is particularly severe because the attack requires no network access beyond the initial file delivery.
Affected systems
NSA Ghidra versions prior to 12.1 are vulnerable. This includes all releases from initial publication through 12.0.x. Ghidra is available as a cross-platform Java application, so the vulnerability affects Windows, Linux, and macOS deployments equally. Vulnerability requires that a user actively opens a malicious project file via the File → Open Project menu; headless or server-mode deployments that do not process untrusted ghidra:// URLs are at lower risk.
Exploitability
Exploitability is moderate to high in practical terms. The attack requires user interaction—opening a malicious project file—which means it relies on social engineering or distribution through trusted channels. However, once triggered, exploitation is reliable and requires no special conditions (low complexity, no special privileges). An attacker needs only to craft a malicious .ghidra file or ghidra:// link and convince a target to open it. No zero-click or ambient execution path exists. The Jython gadget chain is well-established in the security research community, making exploit development straightforward for skilled attackers.
Remediation
Upgrade Ghidra to version 12.1 or later. The patched version adds proper input validation and/or restricts deserialization to safe object types during RMI connection handling. Users unable to upgrade immediately should avoid opening project files from untrusted sources and disable or restrict network-based project sharing features if possible. Security teams should also educate analysts about the risks of opening Ghidra projects from external or suspicious sources, treating them similarly to executable files.
Patch guidance
Update Ghidra to 12.1 or a later stable release. Verify the update through the official NSA Ghidra GitHub repository or your organization's software distribution channel. After patching, validate that the installation is correct by checking the version string in Ghidra's About dialog. No special configuration changes are required post-patch. For environments with restricted internet access, pre-stage the patched binary internally or contact NSA for alternative distribution methods.
Detection guidance
Monitor for unexpected Ghidra process spawning of system commands or shell interpreters (cmd.exe, bash, powershell) in correlation with Ghidra window focus or file-open events. Review Ghidra usage logs and RMI connection attempts, especially those initiating from network addresses or involving .ghidra files from external sources. Endpoint detection and response (EDR) tools should flag anomalous child process creation from Ghidra's Java runtime. Network-level detection is limited because the attack occurs post-deserialization on the client; focus instead on behavioral signals at the host level.
Why prioritize this
This vulnerability merits high priority remediation due to the combination of high CVSS score (8.8), ease of exploitation once delivered, and direct impact on security analyst workstations. The attack surface in security research organizations is non-trivial—Ghidra is widely used and analysts regularly exchange projects. Although KEV status is not active, the vulnerability is straightforward to weaponize. Delay in patching leaves team members exposed to potential compromise of sensitive reverse-engineering work and lateral movement into internal networks.
Risk score, explained
CVSS 3.1 score of 8.8 (HIGH) reflects network-based attack vector, low complexity, no privilege requirement, and high impact across confidentiality, integrity, and availability. The requirement for user interaction (UI:R) prevents a perfect 9.9 score. The score appropriately captures the real-world threat: while not trivially exploitable, the vulnerability enables complete system compromise via a targeted social-engineering campaign against a known user population (security analysts).
Frequently asked questions
Does this vulnerability require authentication to Ghidra?
No. The vulnerability is in the client-side deserialization of untrusted project data. An attacker does not need valid credentials or network access to a Ghidra server; they only need to trick a user into opening a malicious project file.
Can this be exploited if Ghidra is behind a firewall or on an air-gapped network?
The initial attack vector (opening a malicious ghidra:// link or .ghidra file) can succeed regardless of firewall status. However, the attacker's subsequent payload execution occurs on the local machine. Network segmentation does not prevent initial compromise, but it may limit lateral movement if properly configured.
What is Jython, and why does it matter?
Jython is an implementation of Python that runs on the Java Virtual Machine. The Jython 2.7.4 gadget chain is a pre-discovered technique for converting serialized Java objects into arbitrary code execution. Its presence in Ghidra's dependencies enables the attack; patching likely removes this gadget chain or adds deserialization filters.
If I never open project files from external sources, am I safe?
Substantially safer, but not completely immune. If Ghidra automatically opens or processes ghidra:// URLs from email, chat, or web browsers without explicit user confirmation, risk remains. Verify your environment's configuration and assume analysts may inadvertently open suspicious files. Patching is the safest defense.
This analysis is based on publicly disclosed vulnerability data as of the modification date (2026-07-14). While we have synthesized technical context and remediation guidance from industry standards, specific patch contents and affected minor versions should be verified against the official NSA Ghidra security advisory and release notes. This explainer does not constitute legal advice or a binding security recommendation; organizations should conduct their own risk assessments in alignment with their threat model and operational environment. No exploit code or detailed weaponization techniques are provided; responsible disclosure practices are assumed. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2025-11993HIGHWooCommerce Infinite Scroll Plugin PHP Object Injection – HIGH Severity
- CVE-2026-20251HIGHSplunk Remote Code Execution via KV Store Deserialization
- CVE-2026-24221HIGHNVIDIA NVTabular Deserialization Vulnerability – Patch & Detection Guide
- CVE-2026-24237HIGHNVIDIA NVTabular Deserialization Remote Code Execution Vulnerability
- CVE-2026-25551HIGHBarTender 2021–12.0.1 Insecure Deserialization Privilege Escalation
- CVE-2026-37579HIGHSMSGate Remote Code Execution via CMPP7 Deserialization
- CVE-2026-38950HIGHESA AnomalyMatch Arbitrary Code Execution via Unsafe PyTorch Deserialization
- CVE-2026-39550HIGHAperitif Theme Remote Code Execution via Object Injection