Summary
7-Zip version 26.00 and earlier contain a critical heap buffer overflow (CVE-2026-48095) in the NTFS handler that allows attackers to execute arbitrary code via a crafted archive. The flaw is extension-agnostic and can be triggered simply by opening a malicious file.
Take Action:
If you use 7-Zip, update to version 26.01 or later immediately. Versions 26.00 and earlier let attackers take over your system just by opening a malicious archive. Until you've updated, do not open any archive or disk image files from untrusted or unexpected sources, regardless of the file extension.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)