
Description

Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database.

PUBLISHED Reserved 2026-06-08 | Published 2026-06-10 | Updated 2026-06-10 | Assigner VulnCheck




HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status: unaffected

11.0 (custom) before 12.1: affected

12.1 (custom): unaffected

Credits

Sean Nejad (@allsmog) reporter

References

github.com/...ghidra/security/advisories/GHSA-8r4f-65cr-fwxm exploit

github.com/...ghidra/security/advisories/GHSA-8r4f-65cr-fwxm (GitHub Security Advisory (GHSA-8r4f-65cr-fwxm)) vendor-advisory

www.vulncheck.com/...-unescaped-filter-values-in-bsim-search third-party-advisory

cve.org (CVE-2026-52758)

nvd.nist.gov (CVE-2026-52758)
