Description

Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.

INFO

Published Date :

2026-03-29T19:35:30.692Z

Last Modified :

2026-03-30T15:00:34.442Z

Source :

AHA
AFFECTED PRODUCTS

The following products are affected by CVE-2026-4946 vulnerability.

Vendors Products
Nsa
  • Ghidra
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-4946.

URL Resource
https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-mc3p-mq2p-xw6v cve-icon cve-icon
https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000001011111111111000111111110000000000000000000000000000000000000000000000000000000110 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact