7-Zip Patch Addresses Remote Code Execution via Malicious Archives

A remote code execution vulnerability in 7-Zip tracked as CVE-2026-40087 has been patched in version 26.02, affecting the software's handling of XZ-compressed data. The flaw could allow attackers to execute arbitrary code when users open specially crafted compressed files through a heap-based buffer overflow. Exploitation requires user interaction such as opening a malicious archive or visiting a compromised webpage, making social engineering attacks the primary delivery vector.

The patch adds checks to prevent the decompressor from writing beyond available output buffer space, addressing the underlying heap overflow condition. Since 7-Zip lacks an automatic update feature, users must manually download the latest version from the official site. Archive vulnerabilities are attractive targets for threat actors, with past attacks exploiting similar flaws in 7-Zip and WinRAR for malware delivery. Russian hackers previously exploited a 7-Zip zero-day to bypass Windows Mark of the Web security protections, while a WinRAR vulnerability was used in RomCom malware campaigns. While no active exploitation has been reported yet, users are strongly advised to update immediately to prevent potential future attacks. The vulnerability was disclosed by researcher Landon Peng through the Zero Day Initiative.

Read more...

Read More

Got Something To Say?

Your email address will not be published.