A recently disclosed vulnerability (CVE‑2026‑48095) affects 7-Zip and may allow a remote attacker to execute arbitrary code on a vulnerable system by tricking a user into opening a specially crafted archive file.
Severity level:
CVSS Score: 8.8/High.
Description:
CVE‑2026‑48095 is a heap buffer overflow in 7‑Zip’s NTFS handler caused by improper memory allocation when processing crafted archive data. Opening a malicious file can trigger memory corruption, potentially leading to remote code execution.
Affected Versions:
All versions up to and including 26.00.
Impact:
Successful exploitation may allow attackers to execute arbitrary code on the system.
Resolution:
Upgrade to the fixed 7-Zip release, version 26.01 or later.
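To find hosts that still need the upgrade, the following added example (not part of the original advisory) classifies collected 7-Zip banner lines against the affected range stated above: up to and including 26.00 is vulnerable, 26.01 and later is fixed. The banner shape, host names and sample lines are constructed assumptions; output that cannot be parsed is reported as unknown rather than treated as patched.

```python
import re

# First fixed release per the advisory above (26.01); anything lower is affected.
FIXED = (26, 1)

# Assumed banner shape: "7-Zip", optional tags such as "(z)" or "[64]", then "MM.mm".
_BANNER = re.compile(r"7-Zip\s+(?:[\[(][^\])]*[\])]\s+)*(\d+)\.(\d+)")

def parse_version(banner):
    """Return (major, minor) from a 7-Zip banner line, or None if absent."""
    m = _BANNER.search(banner or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(banner):
    """Map a banner to 'vulnerable', 'fixed' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # unparseable output is not evidence of a patched host
    return "vulnerable" if version < FIXED else "fixed"

def triage(inventory):
    """Given {host: banner}, return {host: status} for hosts not confirmed fixed."""
    statuses = {host: classify(banner) for host, banner in inventory.items()}
    return {h: s for h, s in sorted(statuses.items()) if s != "fixed"}

# Constructed sample inventory (hypothetical hosts and banner text).
SAMPLE = {
    "ws-014": "7-Zip 26.00 (x64) : Copyright (c) Igor Pavlov",
    "ws-022": "7-Zip 26.01 (x64) : Copyright (c) Igor Pavlov",
    "build-03": "7-Zip (z) 24.09 (x64) : Copyright (c) Igor Pavlov",
    "srv-legacy": "7-Zip [64] 9.20 : Copyright (c) Igor Pavlov",
    "kiosk-07": "",  # collection failed or binary missing
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```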
Reference:
UIT Information Security
