NewsSecurity Vulnerabilities

7-Zip XZ Decompression Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2026-14266)

CVE number = CVE-2026-14266

This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip.

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the processing of XZ chunked data.

Crafted XZ-compressed data can trigger an overflow of a heap-based buffer.

An attacker can leverage this vulnerability to execute code in the context of the current process.

This issue has been fixed in 7-Zip 26.02

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.