• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
TechTrendFeed
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
TechTrendFeed
No Result
View All Result

7-Zip Vulnerability Lets Attackers Set off Heap Buffer Overflow Utilizing Malicious Recordsdata

Admin by Admin
July 17, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


A newly disclosed vulnerability in 7-Zip may enable attackers to execute arbitrary code by tricking customers into opening a specifically crafted XZ-compressed file.

Tracked as CVE-2026-14266 and recognized by Development Micro’s Zero Day Initiative as ZDI-26-444 (ZDI-CAN-30169), the flaw is a heap-based buffer overflow within the archive utility’s dealing with of XZ chunked knowledge. The vulnerability was publicly disclosed on July 15, 2026, and impacts 7-Zip installations working variations previous to

The problem lies within the processing of XZ-compressed knowledge, a generally used compression format present in software program packages, backups, distributed archives, and different compressed content material.

In accordance with the advisory, specifically crafted XZ chunked knowledge could cause 7-Zip to write down past the boundaries of a heap-allocated buffer. This reminiscence corruption situation could enable an attacker to realize management of software execution and run arbitrary code throughout the safety context of the present 7-Zip course of.

7-Zip Vulnerability

Profitable exploitation requires person interplay. An attacker would wish to influence a sufferer to open a malicious archive or entry attacker-controlled content material by way of a malicious webpage or obtain course of.

Though this requirement reduces the probability of automated exploitation, it nonetheless poses a big threat in focused phishing, malware supply, and social engineering campaigns.

Menace actors may disguise a malicious file as a reputable archive, software program replace, doc bundle, or shared backup file to trick victims into processing it with 7-Zip.

The vulnerability has been assigned a CVSS rating of seven.0, with the vector AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. This rating displays the native attack-vector necessities and the necessity for person interplay, whereas additionally acknowledging the potential for a whole impression on confidentiality, integrity, and availability following profitable exploitation.

No authentication or present privileges are required, that means {that a} sufferer who merely opens a file might be uncovered, even when the attacker has no prior entry to the focused machine.

Heap-based buffer overflows are notably harmful as a result of they’ll corrupt dynamically allotted reminiscence and doubtlessly redirect program execution.

Relying on the goal setting and exploitation circumstances, an attacker could make the most of the flaw to launch malware, steal knowledge accessible to the present person, modify information, or destabilize the affected system.

Whereas the advisory doesn’t point out that CVE-2026-14266 is actively exploited within the wild, publicly accessible technical particulars could enhance the probability of an exploit being developed.

The vulnerability was reported to 7-Zip on June 5, 2026, by researcher Landon Peng from Lunbun LLC. Following coordinated disclosure, ZDI launched the advisory on July 15, 2026. The problem has been addressed in 7-Zip model 26.0.

Customers and organizations are strongly suggested to replace to 7-Zip model 26.0 or later as quickly as attainable. Safety groups must also monitor for suspicious XZ archives delivered via e mail, messaging platforms, file-sharing providers, or untrusted web sites.

Till updates are deployed, customers ought to keep away from opening surprising compressed information and confirm the sources of archives earlier than extracting or previewing their contents.

 Strengthen Your SOC by Accelerating Menace Detection & Speedy Investigations. -> Combine ANY.RUN With Your SOC Now.

Tags: 7ZipAttackersBufferfilesHeapLetsMaliciousOverflowTriggerVulnerability
Admin

Admin

Next Post
Construct enterprise seek for brokers with Amazon Bedrock Managed Data Base

Construct enterprise seek for brokers with Amazon Bedrock Managed Data Base

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Trending.

Ideas on Streaming Companies: 2024 Version

Ideas on Streaming Companies: 2024 Version

June 16, 2025
Enterprise-grade pure language to SQL era utilizing LLMs: Balancing accuracy, latency, and scale

Enterprise-grade pure language to SQL era utilizing LLMs: Balancing accuracy, latency, and scale

April 27, 2025
Sophos publicizes UAE knowledge middle – Sophos Information

Sophos publicizes UAE knowledge middle – Sophos Information

July 19, 2025
Forescout Launches VistaroAIâ„¢ to Assist Safety Groups Minimize By way of AI Hype and Act Sooner on Actual Threats

Forescout Launches VistaroAIâ„¢ to Assist Safety Groups Minimize By way of AI Hype and Act Sooner on Actual Threats

February 25, 2026
Drive Enterprise Progress with Skilled Odoo ERP Consulting

Drive Enterprise Progress with Skilled Odoo ERP Consulting

May 3, 2025

TechTrendFeed

Welcome to TechTrendFeed, your go-to source for the latest news and insights from the world of technology. Our mission is to bring you the most relevant and up-to-date information on everything tech-related, from machine learning and artificial intelligence to cybersecurity, gaming, and the exciting world of smart home technology and IoT.

Categories

  • Cybersecurity
  • Gaming
  • Machine Learning
  • Smart Home & IoT
  • Software
  • Tech News

Recent News

How Multi-Agent LLMs Are Reshaping Algorithmic Buying and selling: A Deep Dive into TradingAgents

How Multi-Agent LLMs Are Reshaping Algorithmic Buying and selling: A Deep Dive into TradingAgents

July 17, 2026
Microsoft Patches a File 570 Safety Flaws – Krebs on Safety

Microsoft Patches a File 570 Safety Flaws – Krebs on Safety

July 17, 2026
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://techtrendfeed.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT

© 2025 https://techtrendfeed.com/ - All Rights Reserved