Ghidra < 12.1 - Authentication Bypass via Null Signature in...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.

AI Analysis

Authentication bypass vulnerability in Ghidra's PKIAuthenticationModule via null signature, allowing attackers to impersonate users and escalate privileges.

Basic Information

ID CVE-2026-52754

Source VulnCheck

Published Jun 10, 2026 at 12:40

Affected Product

Vendor nationalsecurityagency

Product ghidra

Affected Versions nationalsecurityagency ghidra 0

CWE Classification

CWE-347

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor National Security Agency

Product Ghidra

Version < 12.1

References

{
    "lastseen": "",
    "description": "Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.",
    "published": "2026-06-10T12:40:46.463Z",
    "modified": "2026-06-10T12:40:46.463Z",
    "type": "cve",
    "title": "Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule",
    "source": "VulnCheck",
    "references": "https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-5wxq-7qpv-65p2\nhttps://github.com/NationalSecurityAgency/ghidra/commit/78729379e471bbb3d969409be6a8c3d24af84220\nhttps://github.com/NationalSecurityAgency/ghidra/commit/79d8f164f8bb8b15cfb60c5d4faeb8e1c25d15ca\nhttps://www.vulncheck.com/advisories/ghidra-authentication-bypass-via-null-signature-in-pkiauthenticationmodule",
    "id": "CVE-2026-52754",
    "bulletinFamily": "",
    "cwe": [
        "CWE-347"
    ],
    "cvelist": null,
    "sourceData": "nationalsecurityagency ghidra 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ghidra",
    "version": "0",
    "vendor": "nationalsecurityagency",
    "ai_description": "Authentication bypass vulnerability in Ghidra's PKIAuthenticationModule via null signature, allowing attackers to impersonate users and escalate privileges.",
    "ai_severity": "High",
    "ai_vendor": "National Security Agency",
    "ai_product": "Ghidra",
    "ai_version": "< 12.1",
    "ai_score": 8.7
}

Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule_CVE-2026-52754