Ghostwire
Home / Vulnerabilities / CVE-2026-52758

CVE-2026-52758: Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values...

HIGH CVSS 7.5

Published: June 10, 2026 | Last Modified: June 10, 2026

Description

Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

CVE Feed
CVE-2026-52758 - Ghidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search
 Tenable CVEs
CVE-2026-52758

References