Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (VulnCheck) · only source for this CVE.
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.
AnalysisAI
Command injection in Ghidra versions before 12.1 on Windows allows attackers to execute arbitrary OS commands under the Ghidra user's privileges when a victim clicks a maliciously crafted URL embedded in a program comment annotation. The flaw stems from improper escaping of cmd.exe metacharacters in URL annotation handling, and exploitation requires user interaction (UI:A). No public exploit identified at time of analysis, though VulnCheck published a dedicated advisory alongside the NSA's GitHub security advisory.
Technical ContextAI
Ghidra is the National Security Agency's open-source software reverse-engineering (SRE) framework, widely used by malware analysts and security researchers to disassemble and decompile binaries. Program listings in Ghidra support URL annotations that can be embedded inside code comments and clicked from the UI. On Windows, the URL launch path eventually invokes the system shell (cmd.exe) without properly neutralizing shell metacharacters such as &, |, ^, and quoted argument delimiters - the exact behavior described by CWE-88 (Improper Neutralization of Argument Delimiters in a Command, aka 'Argument Injection'). Because cmd.exe parses these characters before the intended URL handler ever sees them, an attacker who controls the annotation contents can append or substitute arbitrary commands. The CPE 'cpe:2.3:a:nationalsecurityagency:ghidra:*' covers all Ghidra builds prior to the 12.1 release.
RemediationAI
Upgrade to Ghidra 12.1 or later, which is the vendor-released patched version per the NSA advisory GHSA-5c38-3rf3-gp75 (https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-5c38-3rf3-gp75). Until upgrading, Windows analysts should avoid clicking URL annotations in any Ghidra project sourced from an untrusted party (shared GZF/GAR archives, sample-sharing sites, CTF distributions), and should review or strip URL annotations from comments before opening untrusted projects - the trade-off is loss of legitimate URL navigation convenience. Running Ghidra on Linux or macOS, or inside a disposable Windows VM with no access to lab credentials, also blunts impact at the cost of workflow disruption; refer to VulnCheck's writeup at https://www.vulncheck.com/advisories/ghidra-command-injection-via-url-annotation-click for additional indicators.
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files featu
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a pro
NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. Ra
In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive)
Command injection in NSA Ghidra (versions before 12.0.3) executes arbitrary commands when analysts click on maliciously
SQL injection in Ghidra's BSim binary-similarity component (versions before 12.1) allows authenticated remote attackers
Authentication bypass in NSA Ghidra versions prior to 12.1 allows any holder of a valid CA-signed certificate to imperso
SQL injection in Ghidra's PostgreSQL collaboration backend (versions 11.0 through pre-12.1) allows authenticated users t
Remote code execution in NSA Ghidra before version 12.1 allows attackers to execute arbitrary commands when a user opens
Arbitrary file write in NSA's Ghidra reverse-engineering framework before version 12.0.4 allows attackers to escape the
Arbitrary file write in NSA Ghidra versions prior to 12.0.2 allows local attackers to achieve code execution by tricking
Same technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36008