Description
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.
Published: 2026-06-10
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The defect is a null-signature bypass in the PKIAuthenticationModule.authenticate() method: the server accepts a presented public certificate even when the accompanying signature is null, so it never confirms that the client holds the private key matching that certificate. Any user who possesses a certificate signed by a trusted certificate authority can therefore authenticate as a different user. The attacker can then elevate privileges, tamper with repository access controls, exfiltrate shared reverse-engineering data, and undermine overall server integrity. The weakness is categorized as CWE-347 (Improper Verification of Cryptographic Signature).

Affected Systems

The issue arises in Ghidra releases prior to version 12.1 distributed by the National Security Agency. Any installation of Ghidra before this release that uses PKI-based authentication is vulnerable; this includes both community and enterprise deployments.

Risk and Exploitability

With a CVSS v4.0 score of 8.7 (v3.1: 8.8) the vulnerability is rated high severity. The EPSS score is not available and the vulnerability is not listed in CISA's KEV catalog, but the potential impact is significant. An attacker only needs a valid CA-signed certificate and can construct a request with a null signature to bypass authentication; the attack can be conducted remotely over the network. The likelihood of exploitation is uncertain, yet the high impact warrants immediate attention.

Generated by OpenCVE AI on June 10, 2026 at 14:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ghidra to version 12.1 or later to apply the fix for the PKIAuthenticationModule
  • Revoke all certificates that could be used for authentication and rotate the certificate infrastructure until the upgrade is deployed
  • Disable or restrict PKI authentication to a whitelist of explicitly trusted certificates and enforce server-side revocation checks
  • Audit repository access controls and logs for unauthorized changes and perform a security review of the server configuration

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 14:30:00 +0000

Type      Values Removed   Values Added
Metrics   -                ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 13:30:00 +0000

Type                  Values Removed   Values Added
Description           -                Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.
Title                 -                Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule
First Time appeared   -                Nsa; Nsa ghidra
Weaknesses            -                CWE-347
CPEs                  -                cpe:2.3:a:nsa:ghidra:*:*:*:*:*:*:*:*
Vendors & Products    -                Nsa; Nsa ghidra
References            -                -
Metrics               -                cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
                                       cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-10T13:53:32.074Z

Reserved: 2026-06-08T15:20:09.274Z

Link: CVE-2026-52754

Vulnrichment

Updated: 2026-06-10T13:53:21.784Z

NVD

Status : Received

Published: 2026-06-10T14:16:35.603

Modified: 2026-06-10T14:16:35.603

Link: CVE-2026-52754

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T15:00:13Z

Weaknesses