Security researcher Mohammed Reza Espargham warns WinRAR 5.21 contains a bug in the way it handles self-extracting archives. The vulnerability allows an attacker to insert execute code on your computer of siphon off data. The issue only affects self-extracting archives, those are pretty rare and could be just as dangerous as an .exe file anyway so the issue shouldn't have a major impact.
A bug in the way that WinRAR handles the "Text and Icon" functionality for self-executing archives lets attackers add malicious code to be executed when the user simply clicks to open it—without ever needing to begin extracting the files. The exploit code can access any data and perform any operations the current user can, which is especially dangerous if the user is an administrator. A victim could receive a legit-looking archive (or even an empty one) that silently sets up an exploit in the background or steals data when it's executed.