CVE-2026-4946

Name of the Vulnerable Software and Affected Versions Ghidra versions prior to 12.0.3

Description The software improperly processes annotation directives embedded in automatically extracted binary data, leading to arbitrary command execution when a user interacts with the user interface. The @execute annotation, designed for trusted, user-authored comments, is also parsed in comments generated during auto-analysis, such as CFStrings in Mach-O binaries. This allows a crafted binary to present clickable text that, when clicked, executes attacker-controlled commands on the analyst’s machine.

Recommendations Upgrade to a version prior to 12.0.3.