Path traversal in Ghidra - #VU131578

 


Published: May 15, 2026 / Updated: May 16, 2026


Vulnerability identifier: #VU131578
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: National Security Agency
Affected software:
Ghidra

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to path traversal in Debugger ISF Server when processing client-supplied namespace strings over TCP connections. A remote attacker can send a specially crafted protobuf request to disclose sensitive information.

User interaction is required because the server must first be manually launched, and differential error responses can reveal whether targeted filesystem paths exist.
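A defensive sketch of the two issues described above, added here as an example and not taken from Ghidra's ISF server code: it confines a client-supplied namespace to a base directory and collapses every failure into one result, so the reply does not reveal whether a path exists. The class and method names, the sample file names, and the assumption that a namespace maps to a file under a single root directory are all hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.Optional;

/** Added example with hypothetical names; not Ghidra's own code. */
public class NamespaceResolver {
    private final Path base; // canonical root the server is allowed to read

    public NamespaceResolver(Path baseDir) throws IOException {
        this.base = baseDir.toRealPath(); // resolve symlinks in the root once
    }

    /**
     * Maps a client-supplied namespace to a regular file under base.
     * Bad syntax, an escape attempt and a missing file all yield
     * Optional.empty(), so the caller can send one identical error reply.
     */
    public Optional<Path> resolve(String namespace) {
        if (namespace == null || namespace.isEmpty()) {
            return Optional.empty();
        }
        try {
            Path candidate = base.resolve(namespace).normalize();
            if (!candidate.startsWith(base)) {
                return Optional.empty(); // "../" sequences or an absolute path
            }
            Path real = candidate.toRealPath(); // follows symlinks, throws if absent
            if (!real.startsWith(base) || !Files.isRegularFile(real)) {
                return Optional.empty(); // symlink leaving the root, or a directory
            }
            return Optional.of(real);
        } catch (InvalidPathException | IOException e) {
            return Optional.empty(); // same result as every other failure
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary root holding one symbol file.
        Path root = Files.createTempDirectory("isf-root");
        Files.writeString(root.resolve("sample_symbols.json"), "{}");
        NamespaceResolver resolver = new NamespaceResolver(root);
        String[] inputs = {"sample_symbols.json", "../../etc/passwd", "/etc/passwd", "missing.json"};
        for (String ns : inputs) {
            String reply = resolver.resolve(ns).isPresent() ? "OK" : "NOT_AVAILABLE";
            System.out.println(ns + " -> " + reply);
        }
    }
}
```

Only the first constructed input resolves; the other three produce the same `NOT_AVAILABLE` reply whether the target is outside the root or simply missing.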


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
