CVE-2026-52752
HIGH NVDCVSS Score
7.8
Severity
HIGH
Source
NVD
Published
Jun 10, 2026
Description
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.