HIGH | CVE-2026-52751 | CNA: VulnCheck

CVE-2026-52751: Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.

Metrics

CVSS v4.0: 8.6
Severity: HIGH
Fixed in: 12.1
Affected Products: 1

HarborGuard Analysis

Synopsis

Remote code execution via unsafe deserialization affects Ghidra before version 12.1. The vulnerability is reachable over the network and requires no authentication, but does require a victim to open a maliciously crafted project file containing a ghidra:// URL. Successful exploitation allows an attacker to execute arbitrary commands on the victim's machine by abusing a Jython 2.7.4 gadget chain in the Shared Project RMI connection code. A patched-image rebuild at version 12.1 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-52751 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Ghidra. Any image containing a Ghidra installation below version 12.1 will surface as affected.

Status: Available

Triage

HarborGuard scores this CVE at 8.6 HIGH (CVSS v4.0) and can weight that score against each environment's compliance policy to prioritize alerting. Triage findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Status: Available

Patch

A patched-image rebuild at Ghidra 12.1 becomes available through HarborGuard once the fix version is confirmed in the upstream advisory record. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker must deliver a malicious project file or ghidra:// URL to a victim reachable over the network; the vulnerable RMI deserialization code is triggered client-side upon connection.

  • Authentication: Not required

    No authentication is needed; the vulnerability is exploitable by any unauthenticated party who can get the victim to open a crafted project file.

  • Victim interaction: Required

    The victim must actively open a malicious Ghidra project file or ghidra:// URL via File → Open Project, making this a social-engineering-dependent attack.

  • Attack complexity: Detail

    Attack complexity is low; the exploit relies on a well-known Jython 2.7.4 deserialization gadget chain and requires no special race conditions or environmental prerequisites.

Blast Radius

  • Reads files and environment data accessible to the user running Ghidra, including source code, reverse-engineering artifacts, and credentials stored on the host.
  • Writes or modifies files on the victim's machine under the permissions of the Ghidra process.
  • Executes arbitrary operating system commands on the victim's host, enabling installation of backdoors or lateral movement tools.
  • Crashes or destabilizes the Ghidra process and any dependent tooling on the affected workstation.

How HarborGuard Handles This

Available on HarborGuard: images containing Ghidra below version 12.1 are flagged automatically as each image scan completes, with severity scored at 8.6 HIGH. For customers who opt into auto-remediation, HarborGuard rebuilds the image at Ghidra 12.1, runs a regression test pass, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Because exploitation requires victim interaction (opening a crafted project file), teams that cannot immediately rebuild should enforce controls to prevent untrusted ghidra:// URLs and project files from reaching developer workstations, for example through mail and browser content filtering or network-policy rules that block inbound RMI traffic on the Ghidra shared-project port.
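
A local check for the affected-version condition above (Ghidra below 12.1), added here as an example; it is not HarborGuard's or the Ghidra project's code. It assumes the standard install layout, where <install>/Ghidra/application.properties carries application.name and application.version; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

FIXED = (12, 1)  # first fixed release according to the advisory above

def parse_version(text):
    """Turn '11.4.2' or '12.1-DEV' into a tuple of ints; None if no leading number."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def read_properties(path):
    """Minimal key=value reader for a Java-style properties file."""
    props = {}
    for line in path.read_text(errors="replace").splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def is_affected(version):
    """True when version < 12.1; an unparseable version is reported (fail closed)."""
    if version is None:
        return True
    # Pad short versions so that (12,) compares as (12, 0).
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded < FIXED

def find_ghidra_installs(root):
    """Return sorted (install_dir, version_string, affected) tuples found under root."""
    results = []
    for prop_file in Path(root).rglob("application.properties"):
        props = read_properties(prop_file)
        if props.get("application.name") != "Ghidra":
            continue  # some other product's properties file
        raw = props.get("application.version", "")
        install_dir = str(prop_file.parent.parent)  # assumed layout: <install>/Ghidra/
        results.append((install_dir, raw, is_affected(parse_version(raw))))
    return sorted(results)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for install, ver, affected in find_ghidra_installs(root):
        print(f"{'AFFECTED' if affected else 'ok':8}  {ver or '?':10}  {install}")
```

Point it at an unpacked image root or a workstation tools directory; anything printed as AFFECTED is below the fixed version or has a version string that could not be parsed.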


Fix available: 12.1

Affected packages
  • nationalsecurityagency / ghidra
    < 12.1 (from 0)
    Fixed in 12.1
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N