CVE-2023-26266 In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.
Looks like the patch is in 4.06c and beyond.