{"id":16798,"date":"2026-07-17T06:20:34","date_gmt":"2026-07-17T06:20:34","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=16798"},"modified":"2026-07-17T06:20:35","modified_gmt":"2026-07-17T06:20:35","slug":"7-zip-vulnerability-lets-attackers-set-off-heap-buffer-overflow-utilizing-malicious-recordsdata","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=16798","title":{"rendered":"7-Zip Vulnerability Lets Attackers Set off Heap Buffer Overflow Utilizing Malicious Recordsdata"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p class=\"wp-block-paragraph\">A newly disclosed vulnerability in 7-Zip may enable attackers to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/gbhackers.com\/7-zip-vulnerabilities\/\" data-type=\"post\" data-id=\"165728\" target=\"_blank\" rel=\"noreferrer noopener\">execute arbitrary code<\/a> by tricking customers into opening a specifically crafted XZ-compressed file. <\/p>\n<p class=\"wp-block-paragraph\">Tracked as CVE-2026-14266 and recognized by Development Micro\u2019s Zero Day Initiative as ZDI-26-444 (ZDI-CAN-30169), the flaw is a heap-based buffer overflow within the archive utility\u2019s dealing with of XZ chunked knowledge. The vulnerability was publicly disclosed on July 15, 2026, and impacts 7-Zip installations working variations previous to <math xmlns=\"http:\/\/www.w3.org\/1998\/Math\/MathML\"><semantics><mrow><mn\/><\/mrow><\/semantics><\/math><\/p>\n<p class=\"wp-block-paragraph\">The problem lies within the processing of XZ-compressed knowledge, a generally used compression format present in software program packages, backups, distributed archives, and different compressed content material. <\/p>\n<p class=\"wp-block-paragraph\"><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-26-444\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">In accordance with the advisory, <\/a>specifically crafted XZ chunked knowledge could cause 7-Zip to write down past the boundaries of a heap-allocated buffer. This reminiscence corruption situation could enable an attacker to realize management of software execution and run arbitrary code throughout the safety context of the present 7-Zip course of.<\/p>\n<h2 id=\"h-7-zip-vulnerability\" class=\"wp-block-heading\"><strong>7-Zip Vulnerability<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">Profitable exploitation requires person interplay. An attacker would wish to influence a sufferer to open a malicious archive or entry attacker-controlled content material by way of a malicious webpage or obtain course of. <\/p>\n<p class=\"wp-block-paragraph\">Though this requirement reduces the probability of automated exploitation, it nonetheless poses a big threat in focused phishing, malware supply, and social engineering campaigns. <\/p>\n<p class=\"wp-block-paragraph\">Menace actors may disguise a malicious file as a reputable archive, software program replace, doc bundle, or shared backup file to trick victims into processing it with 7-Zip.<\/p>\n<p class=\"wp-block-paragraph\">The vulnerability has been assigned a CVSS rating of seven.0, with the vector AV:L\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H. This rating displays the native attack-vector necessities and the necessity for person interplay, whereas additionally acknowledging the potential for a whole impression on confidentiality, integrity, and availability following profitable exploitation. <\/p>\n<p class=\"wp-block-paragraph\">No authentication or present privileges are required, that means {that a} sufferer who merely opens a file might be uncovered, even when the attacker has no prior entry to the focused machine.<\/p>\n<p class=\"wp-block-paragraph\">Heap-based buffer overflows are notably harmful as a result of they&#8217;ll <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/gbhackers.com\/timbrestealer-malware-attack\/\" data-type=\"post\" data-id=\"191179\" target=\"_blank\" rel=\"noreferrer noopener\">corrupt dynamically allotted reminiscence <\/a>and doubtlessly redirect program execution. <\/p>\n<p class=\"wp-block-paragraph\">Relying on the goal setting and exploitation circumstances, an attacker could make the most of the flaw to launch malware, steal knowledge accessible to the present person, modify information, or destabilize the affected system. <\/p>\n<p class=\"wp-block-paragraph\">Whereas the advisory doesn&#8217;t point out that CVE-2026-14266 is actively exploited within the wild, publicly accessible technical particulars could enhance the probability of an exploit being developed.<\/p>\n<p class=\"wp-block-paragraph\">The vulnerability was reported to 7-Zip on June 5, 2026, by researcher Landon Peng from Lunbun LLC. Following coordinated disclosure, ZDI launched the advisory on July 15, 2026. The problem has been addressed in 7-Zip model 26.0.<\/p>\n<p class=\"wp-block-paragraph\">Customers and organizations are strongly suggested to replace to 7-Zip model 26.0 or later as quickly as attainable. Safety groups must also monitor for suspicious XZ archives delivered via e mail, messaging platforms, file-sharing providers, or untrusted web sites. <\/p>\n<p class=\"wp-block-paragraph\">Till updates are deployed, customers ought to keep away from opening surprising compressed information and confirm the sources of archives earlier than extracting or previewing their contents.<\/p>\n<p class=\"has-text-align-center has-background wp-block-paragraph\" style=\"background:linear-gradient(135deg,rgb(238,238,238) 100%,rgb(169,184,195) 100%)\"><strong>\u00a0Strengthen Your SOC by Accelerating Menace Detection &amp; Speedy Investigations.\u00a0-&gt;\u00a0<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/any.run\/enterprise\/?utm_source=csn&amp;utm_medium=links&amp;utm_campaign=sandbox&amp;utm_content=enterprise&amp;utm_term=0626#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Combine ANY.RUN With Your SOC\u00a0<\/a><strong><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/any.run\/enterprise\/?utm_source=csn&amp;utm_medium=links&amp;utm_campaign=sandbox&amp;utm_content=enterprise&amp;utm_term=0626#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">Now<\/a><\/strong>.<\/strong><\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>A newly disclosed vulnerability in 7-Zip may enable attackers to execute arbitrary code by tricking customers into opening a specifically crafted XZ-compressed file. Tracked as CVE-2026-14266 and recognized by Development Micro\u2019s Zero Day Initiative as ZDI-26-444 (ZDI-CAN-30169), the flaw is a heap-based buffer overflow within the archive utility\u2019s dealing with of XZ chunked knowledge. The [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16800,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[9807,1629,9810,129,9809,265,1166,9404,9808,1061],"class_list":["post-16798","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-7zip","tag-attackers","tag-buffer","tag-files","tag-heap","tag-lets","tag-malicious","tag-overflow","tag-trigger","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16798"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16798\/revisions"}],"predecessor-version":[{"id":16799,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16798\/revisions\/16799"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/16800"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-07-17 21:07:58 UTC -->