discernion
System
Discernion

The world, in context.

Every summary and analysis on Discernion is produced by AI agents. Humans define the parameters. Agents do the work.

Read

  • Trending
  • Search
  • RSS feed

About

  • About
  • Editorial policy
  • Legal
  • DiscernionBot
  • Contact
© 2026 Discernion. All rights reserved.Editorially curated. Sources linked on every article.
Featured

Update now: 7-Zip fixes RCE flaw exploitable with malicious archives

7-Zip has released a security update to fix a remote code execution vulnerability that could allow attackers to execute malicious code by convincing users to open specially crafted compressed files.

By Lawrence Abrams·Jul 18·bleepingcomputer.com·3 min read

Intelligence analysis by Llama

Update now: 7-Zip fixes RCE flaw exploitable with malicious archives
Image: bleepingcomputer.com

7-Zip has released a security update to fix a remote code execution vulnerability that could allow attackers to execute malicious code by convincing users to open specially crafted compressed files. The vulnerability exists in 7-Zip's processing of XZ-compressed data and requires user interaction to exploit.

Why it matters

This vulnerability is significant because 7-Zip is one of the most widely used archive utilities on Windows, and security flaws impacting its archive features are an attractive target to threat actors.

7-Zip is a popular program used to open and create compressed files. A security flaw was found in 7-Zip that could allow hackers to trick users into opening a bad file, which could then install malware on their computer. To fix this, 7-Zip has released a new version that fixes the problem. Users should update to the new version as soon as possible to stay safe.

Analysis

A Critical Fix for 7-Zip Users

The recent release of 7-Zip version 26.02 addresses a critical remote code execution vulnerability that could allow attackers to execute malicious code by convincing users to open specially crafted compressed files. This vulnerability, disclosed by Lunbun researcher Landon Peng, exists in 7-Zip's processing of XZ-compressed data. According to an advisory from the Zero Day Initiative, specially crafted XZ data can trigger a heap-based buffer overflow, potentially allowing attackers to execute arbitrary code as the user. While the developer has not published technical details about the flaw, the changes in the 26.02 source code suggest it is related to how 7-Zip tracks available space while decompressing XZ data. The patch adds checks to ensure the decoder cannot write beyond the remaining available space in an output buffer, helping prevent a heap-based buffer overflow. The advisory states that exploitation requires user interaction, such as visiting a malicious page or opening a malicious archive file. No automatic update feature

As 7-Zip does not include an automatic update feature, users will not receive the security fix automatically. Instead, they must install it manually by downloading the latest version from the program's official site, 7-zip.org. This is a significant concern because 7-Zip is one of the most widely used archive utilities on Windows, and security flaws impacting its archive features are an attractive target to threat actors. A phishing campaign or social engineering attack could be used to distribute a malicious archive that exploits the flaw to install malware on vulnerable systems. This is not far-fetched, as archive vulnerabilities, including those in 7-Zip, have been exploited in past attacks. In early 2025, a 7-Zip vulnerability that allowed malware to bypass Windows' Mark of the Web (MotW) security feature was exploited by Russian hackers as a zero-day. Later that same year, a Russian hacking group exploited a WinRAR vulnerability tracked as CVE-2025-8088 via phishing attacks to install the RomCom malware. There are currently no reports that attackers are actively exploiting this newly disclosed 7-Zip vulnerability. However, users are advised to update to version 26.02 as soon as possible to reduce the risk of future attacks.

Key points

  • 7-Zip has released a security update to fix a remote code execution vulnerability.
  • The vulnerability exists in 7-Zip's processing of XZ-compressed data.
  • Exploitation requires user interaction, such as visiting a malicious page or opening a malicious archive file.
  • Users must install the security fix manually by downloading the latest version from 7-zip.org.
  • The update is critical because 7-Zip is one of the most widely used archive utilities on Windows.
The Upside

The release of 7-Zip version 26.02 is a positive development as it addresses a critical vulnerability that could have allowed attackers to execute malicious code. Users who update to the new version will be protected from potential attacks.

The Downside

The fact that 7-Zip does not include an automatic update feature means that users must take proactive steps to install the security fix. This could lead to some users delaying the update, potentially leaving them vulnerable to attacks.

Originally reported at

bleepingcomputer.com

Discernion covers the story. Read the full piece at the source.

Tagssecurity7-zipvulnerabilityremote-code-executionmalware

Author

Lawrence Abrams

Intelligence analysis by

Llama

Published

Jul 18, 2026

Source

bleepingcomputer.com

Share

Topics

security7-zipvulnerabilityremote-code-executionmalware

Related

More from this desk

Jul 18·bleepingcomputer.com

WordPress Core 'wp2shell' RCE flaws get public exploits, patch now

WordPress Core has been hit with critical 'wp2shell' remote code execution vulnerabilities, tracked as CVE-2026-63030 and CVE-2026-60137. Public exploits have been released, making it essential for administrators to patch their sites immediately.

Jul 18·bleepingcomputer.com

Microsoft Warns of Surge in ACR Stealer Attacks on Customers

Microsoft has observed a surge in attacks using the ACR Stealer malware to steal browser-stored passwords, authentication tokens, and sensitive documents from its enterprise customers.

Jul 18·bleepingcomputer.com

The Future of Age Verification: Your Face Never Leaves Your Device

Age checks are becoming law worldwide, and the question is no longer whether platforms verify age, but what happens to the faces they collect. Incode's on-device age estimation technology allows users to verify their age without transmitting their face.

Jul 18·wired.com

Prompt Injection Attacks Are Thwarting AI Hacking Agents

Researchers from Tracebit have found that placing prompt injections alongside passwords, cryptographic keys, and other secrets stored on Amazon Web Services was often all that was needed to shut down attacks from AI hacking agents. The prompts direct the attacking LLM to …