Ghidra EUVD-2026-36017

CVE-2026-52758 | HIGH
SQL Injection (CWE-89)
2026-06-10 | VulnCheck
CVSS 4.0: 8.7 (NVD)

Severity by source

NVD (primary): 8.7 HIGH
Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Patch available: Jun 10, 2026 - 15:01 (EUVD)
Analysis Updated: Jun 10, 2026 - 14:31 (vuln.today), v3 (cvss_changed)
Analysis Updated: Jun 10, 2026 - 14:30 (vuln.today), v2 (cvss_changed)
Re-analysis Queued: Jun 10, 2026 - 14:22 (vuln.today), cvss_changed
CVSS changed: Jun 10, 2026 - 14:22 (NVD), 8.8 (HIGH) → 8.7 (HIGH)
Analysis Generated: Jun 10, 2026 - 14:10 (vuln.today)
CVE Published: Jun 10, 2026 - 12:42 (nvd), HIGH 8.8

Description (NVD)

Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database.

Analysis (AI)

SQL injection in Ghidra's BSim binary-similarity component (versions before 12.1) allows authenticated remote attackers to inject arbitrary SQL via filter types that concatenate user-supplied values directly into PostgreSQL queries. Successful exploitation lets an attacker read, modify, or delete contents of the backing BSim PostgreSQL database used to store function signatures. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain low-priv BSim credentials
Delivery: Connect to BSim network query protocol
Exploit: Submit crafted filter value with SQL payload
Execution: Payload concatenated into PostgreSQL query
Persist: Injected SQL executes with BSim DB privileges
Impact: Read, modify, or delete signature data

Vulnerability Assessment (AI)

Exploitation: The attacker must possess valid low-privilege credentials to a BSim server (PR:L) and must be able to reach the BSim network query protocol endpoint backing PostgreSQL; the vulnerable code path is specifically the BSim filter types that accept user-supplied values. …

Risk Assessment: The CVSS 4.0 score of 8.7 (High) reflects a network attack vector (AV:N), low complexity (AC:L), and high impact to the confidentiality, integrity and availability of the vulnerable component (VC:H/VI:H/VA:H). Exploitation requires low privileges (PR:L), meaning the attacker must already be an authenticated BSim user. …

Exploit Scenario: An attacker with low-privileged credentials to a network-reachable BSim server crafts a malicious filter value within a BSim search request, embedding SQL statements that escape the intended query context. Because the filter is concatenated directly into the PostgreSQL query, the attacker's payload executes with the BSim service's database privileges, allowing them to exfiltrate the entire signature corpus, tamper with similarity results to mislead reverse engineering efforts, or drop tables to deny service. …

Remediation: Vendor-released patch: upgrade Ghidra to version 12.1 or later, which introduces proper escaping/parameterization for BSim filter values; see the NSA GHSA advisory at https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8r4f-65cr-fwxm for the official fix notes. …

Recommended Action (AI)

Within 24 hours: Audit all Ghidra installations to identify systems running versions before 12.1 and determine whether PostgreSQL databases are accessible from networks containing untrusted users. …
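
One way to carry out the version audit described above, as an added example that is not part of the original page or of Ghidra: it walks the given directory roots, reads each install's Ghidra/application.properties and flags any version before 12.1. The file location, the application.version key, the default scan root /opt and the sample text are assumptions based on a stock Ghidra install layout.

```python
import re
import sys
from pathlib import Path

FIXED = (12, 1)  # first fixed Ghidra release per the advisory text on this page

# Constructed sample of the properties file contents, for illustration only.
SAMPLE = "application.name=Ghidra\napplication.version=12.0.4\napplication.release.name=PUBLIC\n"

def parse_version(properties_text):
    """Extract application.version as a tuple of ints; None if missing or unparsable.
    Any suffix after the dotted number (for example a build tag) is ignored."""
    m = re.search(r"^\s*application\.version\s*=\s*(\d+(?:\.\d+)*)",
                  properties_text, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """Versions before 12.1 are affected; unknown versions are flagged for manual review."""
    return version is None or version < FIXED

def audit(roots):
    """Return sorted (install_dir, version, affected) for every Ghidra install under roots."""
    findings = []
    for root in roots:
        for props in Path(root).rglob("application.properties"):
            # Assumed stock layout: <install>/Ghidra/application.properties
            if props.parent.name != "Ghidra":
                continue
            version = parse_version(props.read_text(errors="replace"))
            findings.append((str(props.parent.parent), version, is_affected(version)))
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    # Usage: python audit_ghidra.py /opt /home   (the script name is hypothetical)
    for install, version, affected in audit(sys.argv[1:] or ["/opt"]):
        label = ".".join(map(str, version)) if version else "unknown"
        print(f"{'AFFECTED' if affected else 'ok':8}  {label:10}  {install}")
```

An install whose version cannot be read is reported as affected so that it gets a manual check rather than a silent pass.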
