Main Vulnerability Database Vulnerabilities #VU131580

SQL injection in Ghidra - #VU131580

Published: May 15, 2026

Vulnerability identifier: #VU131580

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: National Security Agency

Affected software:
Ghidra

Detailed vulnerability description

The vulnerability allows a remote user to inject arbitrary SQL commands.

The vulnerability exists due to improper neutralization of special elements used in an SQL command in BSim search filter types when processing XML protocol messages received over the BSim network query protocol. A remote user can send specially crafted filter values to inject arbitrary SQL commands.

Multiple filter types concatenate user-supplied values directly into SQL queries without escaping or parameterization, while the affected values originate from network XML messages.

Remediation

Install security update from vendor's website.

Sources

https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8r4f-65cr-fwxm

SQL injection in Ghidra - #VU131580

Detailed vulnerability description

Remediation

Sources

Please verify you're human