PT-2026-60346 · 7 Zip · 7-Zip

CVE-2026-14266

·

Published

2026-07-15

·

Updated

2026-07-17

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions 7-Zip versions prior to 26.02
Description A flaw in the processing of XZ chunked data allows remote attackers to execute arbitrary code in the context of the current process. The issue occurs when the software processes specially crafted XZ-compressed data streams, triggering a heap-based buffer overflow. A heap-based buffer overflow is a memory corruption issue that happens when data written to a buffer exceeds its allocated space. Exploitation requires user interaction, such as opening a malicious archive file or visiting a malicious page.
Recommendations Update to version 26.02. Avoid opening compressed files from untrusted sources.
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-14266
ZDI-26-444

Affected Products

7-Zip