CVE-2026-52754
HIGH NVDCVSS Score
8.8
Severity
HIGH
Source
NVD
Published
Jun 10, 2026
Description
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.