7-zip NEW Vulnerability (update to v26.02) *updated again*

aGGyunit

Forum Admin
Staff member
Joined
30 Apr 2023
Messages
11,511
Appreciation score
18,393
You do not have permission to view link Log in or register now.


A critical memory corruption vulnerability in the popular file archiver 7-Zip has been discovered that allows attackers to trigger denial of service conditions by crafting malicious RAR5 archive files.

The vulnerability, tracked as CVE-2025-53816 and designated GHSL-2025-058, affects all versions of 7-Zip prior to version 25.00


Since 7-Zip lacks automatic update functionality, users must manually download and install the latest version from the official website.

Stay safe out there ..

See my post below for the new exploit info.
 
Last edited:

KOMPLEX

Member
Joined
8 Jun 2023
Messages
56
Appreciation score
16
I’m using version 19.00… but I’m updating it right now.
 

ARCHIVE

Contributor
Joined
19 Jun 2024
Messages
556
Appreciation score
655
thanks for these reminders, aGGyunit

Download 7-Zip 26.00 (2026-02-12)
 

aGGyunit

Forum Admin
Staff member
Joined
30 Apr 2023
Messages
11,511
Appreciation score
18,393
7-Zip CVE-2026-48095: NTFS Heap Overflow Can Trigger Through Renamed Files

Tracked as CVE-2026-48095 (advisory GHSL-2026-140), the bug was found by Jaroslav Lobačevski of GitHub Security Lab and carries a CVSS 3.1 score of 8.8.
It affects 7-Zip 26.00 and all versions before it. The patched release is 26.01. There’s already a working proof-of-concept in the wild.

You do not have permission to view link Log in or register now.


Grab a fresh copy if you're not already running v26.01:
You do not have permission to view link Log in or register now.
 
Top Bottom