CVE-2026-52758
Received - Intake
SQL Injection in Ghidra BSim Filter Types

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: VulnCheck

Description
Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database.
Affected Vendors & Products
Showing 2 associated CPEs
Vendor                   | Product | Version / Range
national_security_agency | ghidra  | to 12.1 (exc)
national_security_agency | ghidra  | From 11.0 (inc) to 12.0 (inc)
CWE ID | Description
CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Executive Summary

CVE-2026-52758 is a SQL injection vulnerability in the Ghidra software's BSim Search feature affecting versions before 12.1. The vulnerability occurs because certain BSim filter types concatenate user-supplied values directly into SQL queries without proper escaping or parameterization.

This flaw allows remote attackers with network access to the BSim server to inject malicious SQL code via the BSim network query protocol.

As a result, attackers can read, modify, or delete data in the PostgreSQL database used by BSim.

The vulnerability is due to unescaped filter values in classes such as ExecutableNameBSimFilterType, PathStartsBSimFilterType, and NotExecutableNameBSimFilterType, where user input from XML protocol messages is directly appended to SQL queries.
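
The concatenation pattern described for these three filter types, beside a parameterized form, as an added example (not Ghidra's code or its actual fix). The table, column and function names are hypothetical, the data is constructed, and an in-memory SQLite database stands in for PostgreSQL so the block runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data in a hypothetical table; SQLite stands in for PostgreSQL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE executables (name TEXT, path TEXT)")
    db.executemany("INSERT INTO executables VALUES (?, ?)", [
        ("libssl.so", "/usr/lib/libssl.so"),
        ("busybox", "/bin/busybox"),
        ("updater.exe", "/opt/app/updater.exe"),
    ])
    return db

BASE = "SELECT name FROM executables WHERE "

def name_concat(value):
    # Vulnerable pattern from the description: the value becomes SQL text.
    return BASE + "name = '" + value + "'", ()

def name_bound(value):
    # Hardened: the value travels as a bound parameter, never as SQL text.
    return BASE + "name = ?", (value,)

def not_name_bound(value):
    # Same binding for the negated executable-name filter.
    return BASE + "name <> ?", (value,)

def escape_like(value, esc="\\"):
    # Binding alone does not stop % and _ acting as LIKE wildcards.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def path_starts_bound(prefix):
    # Prefix match: escape the user value, then append the one intended wildcard.
    return BASE + "path LIKE ? ESCAPE '\\'", (escape_like(prefix) + "%",)

def run(db, query):
    sql, params = query
    return sorted(row[0] for row in db.execute(sql, params))

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed value containing a quote
    print("concatenated:", run(db, name_concat(crafted)))
    print("bound:       ", run(db, name_bound(crafted)))
    print("prefix '%':  ", run(db, path_starts_bound("%")))
```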

Impact Analysis

This vulnerability can have a significant impact by allowing remote attackers to execute arbitrary SQL commands on the BSim PostgreSQL database.

  • Attackers can read sensitive data stored in the database, compromising confidentiality.
  • They can modify data, affecting data integrity.
  • They can delete data, impacting availability.

Because the attack vector is network-based and the attack complexity is low, the risk of exploitation is high.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Ghidra to version 12.1 or later, where the SQL injection issue in the BSim search functionality has been fixed.

Avoid using vulnerable versions (11.0 through 12.0) of Ghidra in environments where untrusted users have network access to the BSim server.
