{"id":"CVE-2023-26266","details":"In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.","modified":"2026-04-10T04:57:49.558347Z","published":"2023-02-21T04:15:10.693Z","references":[{"type":"FIX","url":"https://github.com/AFLplusplus/AFLplusplus/pull/1643"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/aflplusplus/aflplusplus","events":[{"introduced":"0"},{"last_affected":"3b6fcd911a860a8c823c912c4b08b423734e4cfe"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.05c"}]}}],"versions":["2.52c","2.53c","2.54c","2.57c","2.58c","2.60c","2.61c","2.62c","2.63c","2.64c","2.65c","2.66c","2.67c","2.68c","3.0c","3.10c","3.11c","3.12c","3.13c","3.14c","4.00c","4.01c","4.02c","4.03c","4.04c","4.05c"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26266.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}