CVE-2026-52756: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in nationalsecurityagency ghidra
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.
AI Analysis
Technical Summary
CVE-2026-52756 is a path traversal vulnerability affecting the IsfServer in Ghidra before version 12.2. The IsfServer listens on TCP port 54321 and accepts client-supplied namespace strings that are directly used in filesystem operations without validation. This lack of input sanitization enables remote attackers to craft protobuf messages containing path traversal sequences to enumerate filesystem directories and access arbitrary files. The vulnerability requires no authentication and has a medium severity rating with a CVSS 4.0 score of 6.3. No official patch or remediation level has been provided at this time.
Potential Impact
Remote attackers can connect unauthenticated to the IsfServer on port 54321 and exploit the path traversal vulnerability to enumerate filesystem paths and probe arbitrary files. This could lead to unauthorized disclosure of sensitive information stored on the affected system. There is no indication of privilege escalation or code execution from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to port 54321 to trusted hosts only and monitor for unusual connections to this port. Avoid exposing the IsfServer to untrusted networks.
CVE-2026-52756: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in nationalsecurityagency ghidra
Description
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.
CVSS v4.0
Score 6.3medium
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-52756 is a path traversal vulnerability affecting the IsfServer in Ghidra before version 12.2. The IsfServer listens on TCP port 54321 and accepts client-supplied namespace strings that are directly used in filesystem operations without validation. This lack of input sanitization enables remote attackers to craft protobuf messages containing path traversal sequences to enumerate filesystem directories and access arbitrary files. The vulnerability requires no authentication and has a medium severity rating with a CVSS 4.0 score of 6.3. No official patch or remediation level has been provided at this time.
Potential Impact
Remote attackers can connect unauthenticated to the IsfServer on port 54321 and exploit the path traversal vulnerability to enumerate filesystem paths and probe arbitrary files. This could lead to unauthorized disclosure of sensitive information stored on the affected system. There is no indication of privilege escalation or code execution from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to port 54321 to trusted hosts only and monitor for unusual connections to this port. Avoid exposing the IsfServer to untrusted networks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-06-08T15:20:09.274Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2967b2c9170919df1fd8f1
Added to database: 6/10/2026, 1:33:38 PM
Last enriched: 6/10/2026, 1:50:07 PM
Last updated: 6/10/2026, 2:39:10 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.