Nixpkgs security tracker

Untriaged

Permalink CVE-2026-4946

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 weeks, 6 days ago

NSA Ghidra Auto-Analysis Annotation Command Execution

Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.

References

https://takeonme.org/gcves/GCVE-1337-2026-0000000000000000000000000000000000000… third-party-advisory
https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-mc3p-… vendor-advisory

Affected products

Ghidra

<12.0.3

Matching in nixpkgs

pkgs.ghidra

Software reverse engineering (SRE) suite of tools

nixos-unstable 12.0.2
- nixpkgs-unstable 12.0.2
- nixos-unstable-small 12.0.2
nixos-25.11 11.4.2
- nixos-25.11-small 11.4.2
- nixpkgs-25.11-darwin 11.4.2

pkgs.ghidra-bin

Software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

nixos-unstable 12.0.2
- nixpkgs-unstable 12.0.2
- nixos-unstable-small 12.0.2
nixos-25.11 11.4.2
- nixos-25.11-small 11.4.2
- nixpkgs-25.11-darwin 11.4.2

pkgs.rizinPlugins.rz-ghidra

Deep ghidra decompiler and sleigh disassembler integration for rizin

nixos-unstable 0.8.0
- nixpkgs-unstable 0.8.0
- nixos-unstable-small 0.8.0
nixos-25.11 0.8.0
- nixos-25.11-small 0.8.0
- nixpkgs-25.11-darwin 0.8.0

pkgs.cutterPlugins.rz-ghidra

Deep ghidra decompiler and sleigh disassembler integration for rizin

nixos-unstable 0.8.0
- nixpkgs-unstable 0.8.0
- nixos-unstable-small 0.8.0
nixos-25.11 0.8.0
- nixos-25.11-small 0.8.0
- nixpkgs-25.11-darwin 0.8.0

pkgs.ghidra-extensions.ret-sync

Reverse-Engineering Tools SYNChronization. Allows syncing between a debugging session and Ghidra

nixos-unstable 0-unstable-2024-05-29
- nixpkgs-unstable 0-unstable-2024-05-29
- nixos-unstable-small 0-unstable-2024-05-29
nixos-25.11 0-unstable-2024-05-29
- nixos-25.11-small 0-unstable-2024-05-29
- nixpkgs-25.11-darwin 0-unstable-2024-05-29

pkgs.python313Packages.pyghidra

Native CPython for Ghidra

nixos-unstable 3.0.2
- nixpkgs-unstable 3.0.2
- nixos-unstable-small 3.0.2

pkgs.python314Packages.pyghidra

Native CPython for Ghidra

nixos-unstable 3.0.2
- nixpkgs-unstable 3.0.2
- nixos-unstable-small 3.0.2

pkgs.python312Packages.ghidra-bridge

Python bridge to Ghidra's Python scripting

nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python313Packages.ghidra-bridge

Python bridge to Ghidra's Python scripting

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python314Packages.ghidra-bridge

Python bridge to Ghidra's Python scripting

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0

pkgs.ghidra-extensions.ghidra-firmware-utils

Ghidra utilities for analyzing PC firmware

nixos-unstable 2026.01.14
- nixpkgs-unstable 2026.01.14
- nixos-unstable-small 2026.01.14
nixos-25.11 2024.04.20
- nixos-25.11-small 2024.04.20
- nixpkgs-25.11-darwin 2024.04.20

pkgs.ghidra-extensions.ghidra-delinker-extension

Ghidra extension for delinking executables back to object files

nixos-unstable 0.8.0
- nixpkgs-unstable 0.8.0
- nixos-unstable-small 0.8.0
nixos-25.11 0.5.1
- nixos-25.11-small 0.5.1
- nixpkgs-25.11-darwin 0.5.1

pkgs.ghidra-extensions.ghidraninja-ghidra-scripts

Scripts for the Ghidra software reverse engineering suite

nixos-unstable 2020-10-07
- nixpkgs-unstable 2020-10-07
- nixos-unstable-small 2020-10-07
nixos-25.11 2020-10-07
- nixos-25.11-small 2020-10-07
- nixpkgs-25.11-darwin 2020-10-07

pkgs.ghidra-extensions.ghidra-golanganalyzerextension

Facilitates the analysis of Golang binaries using Ghidra

nixos-unstable 1.2.4
- nixpkgs-unstable 1.2.4
- nixos-unstable-small 1.2.4
nixos-25.11 1.2.4
- nixos-25.11-small 1.2.4
- nixpkgs-25.11-darwin 1.2.4

Package maintainers

@chayleaf Anna Pavlyuk <chayleaf-nix@pavluk.org>
@roblabla Robin Lambertz <robinlambertz+dev@gmail.com>
@vringar Stefan Zabka <git@zabka.it>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@ck3d Christian Kögler <ck3d@gmx.de>
@GovanifY Gauvain 'GovanifY' Roussel-Tarbouriech <gauvain@govanify.com>
@hexadecimalDinosaur Ivy Fan-Chiang <dev@ivyfanchiang.ca>
@jchv John Chadwick <johnwchadwick@gmail.com>
@spencerpogo Spencer Pogorzelski
@timschumi Tim Schumacher <timschumi@gmx.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.ghidra

pkgs.ghidra-bin

pkgs.rizinPlugins.rz-ghidra

pkgs.cutterPlugins.rz-ghidra

pkgs.ghidra-extensions.ret-sync

pkgs.python313Packages.pyghidra

pkgs.python314Packages.pyghidra

pkgs.python312Packages.ghidra-bridge

pkgs.python313Packages.ghidra-bridge

pkgs.python314Packages.ghidra-bridge

pkgs.ghidra-extensions.ghidra-firmware-utils

pkgs.ghidra-extensions.ghidra-delinker-extension

pkgs.ghidra-extensions.ghidraninja-ghidra-scripts

pkgs.ghidra-extensions.ghidra-golanganalyzerextension

Package maintainers