CVE-2026-52756EPSS p30.1%

CVE-2026-52756CVE-2026-52756

nsa / ghidra

Description

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.

Scoring

CVSS 4.8 ()
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS0.38% probability of exploitation · percentile 30.1% · 2026-06-18T12:00:27Z
Last modified2026-06-12

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-52752
CVE
CVE-2026-52755
CVE
CVE-2026-49497
CVE
CVE-2026-52754
CVE
CVE-2026-52751
CVE
CVE-2026-52750
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.