7-Zip model 26.02 was launched to repair a distant code execution vulnerability that would permit attackers to execute malicious code by convincing customers to open specifically crafted compressed recordsdata.
The vulnerability, disclosed by LunbunĀ researcher Landon Peng, exists inĀ 7-Zip’s processing of XZ-compressed information.
In response to an advisory from the Zero Day Initiative, specifically crafted XZ information can set off a heap-based buffer overflow, probably permitting attackers to execute arbitrary code because the person.
Whereas the developer has not printed technical particulars in regards to the flaw, the modifications within the 26.02 supply code counsel it’s associated to how 7-Zip tracks obtainable house whereas decompressing XZ information.
The patch provides checks to make sure the decoder can’t write past the remaining obtainable house in an output buffer, serving to forestall a heap-based buffer overflow.
The advisory states that exploitation requires person interplay, corresponding to visiting a malicious web page or opening a malicious archive file.
No computerized replace characteristic
As 7-Zip doesn’t embody an computerized replace characteristic, customers is not going to obtainĀ the safety repair routinely. As a substitute, they have to set up it manually by downloading the most recent model from this system’s official website,Ā 7-zip.org.
As a result of 7-Zip is without doubt one of the most generally used archive utilities on Home windows, safety flaws impacting its archive options are a beautiful goal to menace actors.
A phishing marketing campaign or social engineering assault might be used to distribute a malicious archive that exploits the flaw to put in malware on weak techniques.
This isn’t far-fetched, as archive vulnerabilities, together with these in 7-Zip,Ā have been exploited in previous assaults.
In early 2025, a 7-Zip vulnerability that allowed malware to bypass Home windows’ Mark of the Internet (MotW) safety characteristic was exploited by Russian hackers as a zero-day.
Later that very same 12 months, a Russian hacking group exploited a WinRAR vulnerability tracked asĀ CVE-2025-8088 throughĀ phishing assaults to put in the RomCom malware.
There are at the moment no reviews that attackers are actively exploiting this newly disclosed 7-Zip vulnerability.
Nevertheless, customers are suggested to replace to model 26.02 as quickly as potential to cut back the chance of future assaults.
Safety groups log 54% of profitable assaults and alert on simply 14%. The remainder transfer by way of your setting unseen.
The Picus whitepaper exhibits how breach and assault simulation exams your SIEM and EDR guidelines so threats cease slipping by detection.


