CVE-2026-52750: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in nationalsecurityagency ghidra
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.
AI Analysis
Technical Summary
CVE-2026-52750 is a command injection vulnerability affecting Ghidra before version 12.1 on Windows platforms. The issue stems from improper neutralization of argument delimiters in URL annotation handling, where cmd.exe metacharacters are not escaped correctly. This allows an attacker to embed malicious URLs in program comments that, when clicked by the user, execute arbitrary commands under the user's privileges. The vulnerability requires user interaction and has high attack complexity and privileges required, but results in high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation enables an attacker to execute arbitrary commands on the victim's Windows system with the same privileges as the Ghidra user. This can lead to unauthorized system access, data compromise, or disruption of operations. The attack requires the victim to click a malicious URL embedded in program comments, making social engineering a factor. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when clicking URLs in program comments within Ghidra, especially from untrusted sources. Avoid opening suspicious or unexpected annotations containing URLs.
CVE-2026-52750: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in nationalsecurityagency ghidra
Description
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.
CVSS v4.0
Score 7.3high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-52750 is a command injection vulnerability affecting Ghidra before version 12.1 on Windows platforms. The issue stems from improper neutralization of argument delimiters in URL annotation handling, where cmd.exe metacharacters are not escaped correctly. This allows an attacker to embed malicious URLs in program comments that, when clicked by the user, execute arbitrary commands under the user's privileges. The vulnerability requires user interaction and has high attack complexity and privileges required, but results in high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation enables an attacker to execute arbitrary commands on the victim's Windows system with the same privileges as the Ghidra user. This can lead to unauthorized system access, data compromise, or disruption of operations. The attack requires the victim to click a malicious URL embedded in program comments, making social engineering a factor. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when clicking URLs in program comments within Ghidra, especially from untrusted sources. Avoid opening suspicious or unexpected annotations containing URLs.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-06-08T15:20:09.273Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2967aec9170919df1fd47c
Added to database: 6/10/2026, 1:33:34 PM
Last enriched: 6/10/2026, 1:49:00 PM
Last updated: 6/10/2026, 5:48:16 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.