CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-52754

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.1%

CVSS Severity

CVSS v3 Score 8.8

References

https://github.com/NationalSecurityAgency/ghidra/commit/78729379e471bbb3d969409be6a8c3d24af84220
https://github.com/NationalSecurityAgency/ghidra/commit/79d8f164f8bb8b15cfb60c5d4faeb8e1c25d15ca
https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-5wxq-7qpv-65p2
https://www.vulncheck.com/advisories/ghidra-authentication-bypass-via-null-signature-in-pkiauthenticationmodule

Products affected by CVE-2026-52754

Nsa » Ghidra » Version: Any

cpe:2.3:a:nsa:ghidra:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-52754

Products

Pricing

Contact Us