7-Zip needs to be updated: a critical flaw has been discovered that exposes PCs to the execution of malicious code

The hugely popular open source utility 7-Zip has been hit by a new critical security vulnerability, catalogued with a threat score of 8.8 out of 10. The flaw, identified as CVE-2026-48095, potentially affects hundreds of millions of devices worldwide: Windows PCs, Linux servers, cloud systems and industrial automation infrastructures. The real danger is that an attacker could execute malicious code on the victim's computer simply by inducing them to open a specially manipulated archive in common formats such as .7z, .zip or .rar.

It is not necessary to extract the files: simply opening the archive to list its contents, or having it pass through automated software, is enough to trigger the flaw. The problem affects version 26.00 of the program and all earlier versions; version 26.01, released on April 27, 2026, includes the fix. Since 7-Zip does not have an automatic update system, it must be updated manually. In the following paragraphs we analyze how the bug works technically and the steps necessary to stay safe.

How the 7-Zip bug technically works

The problem lies in the way the software analyzes the structure of files. Specifically, the flaw is hidden in the code dedicated to reading disk images in NTFS format (the standard file system used by Microsoft for Windows NT, 10 and 11 operating systems). When 7-Zip processes this type of file, a specially constructed NTFS image can induce an error in calculating the size of the buffer (a temporary memory area that the program uses to move data). Due to a bug in the sizing expression, the buffer is allocated with just 1 byte of space instead of the correct amount.

The subsequent read operation then writes attacker-controlled data beyond this tiny buffer, generating what is called a heap buffer overflow: an overflow in heap memory that, under favorable conditions, allows malicious code to take control of the execution flow and run with the privileges of the program in use. On systems with limited memory resources, the most likely result is an application crash or a denial of service.

You might think that giving up opening files with suspicious extensions is enough to stay safe, but that’s not the case. This is because an attacker could disguise a malicious NTFS image by giving it the extension of a common .zip or .rar file.
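A content-based triage check for the disguise described above, as an added example that is not part of the original article or of 7-Zip itself: it reads the first sector of each file and holds back anything that carries the NTFS boot-sector OEM ID, or whose leading bytes do not match its .zip, .7z or .rar extension. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Leading magic bytes of the archive formats named in the article.
ARCHIVE_MAGIC = {
    ".zip": (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08"),
    ".7z": (b"7z\xbc\xaf\x27\x1c",),
    ".rar": (b"Rar!\x1a\x07",),
}
NTFS_OEM_ID = b"NTFS    "  # OEM ID field at offset 3 of an NTFS boot sector

def classify(path):
    """Return 'ntfs-image', 'mismatch', 'ok' or 'unknown' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(512)  # one boot sector is enough for both checks
    if head[3:11] == NTFS_OEM_ID:
        return "ntfs-image"  # NTFS content, whatever the file is called
    magics = ARCHIVE_MAGIC.get(os.path.splitext(path)[1].lower())
    if magics is None:
        return "unknown"  # extension outside the three formats checked here
    return "ok" if head.startswith(magics) else "mismatch"

def triage(directory):
    """Walk a drop folder and return {path: verdict} for files to hold back."""
    held = {}
    for root, _dirs, files in os.walk(directory):
        for path in (os.path.join(root, name) for name in files):
            verdict = classify(path)
            if verdict in ("ntfs-image", "mismatch"):
                held[path] = verdict
    return held

def build_samples(directory):
    """Write constructed sample files (headers only, not working archives)."""
    samples = {
        "report.zip": b"PK\x03\x04" + bytes(60),
        "backup.7z": b"7z\xbc\xaf\x27\x1c" + bytes(60),
        "invoice.rar": b"\xeb\x52\x90" + NTFS_OEM_ID + bytes(501),
        "notes.zip": b"plain text, not an archive",
    }
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for path, verdict in sorted(triage(tmp).items()):
            print(f"{verdict:11} {os.path.basename(path)}")
```

The check only sees the outermost file, so an NTFS image nested inside another container passes it; it is a filter for intake folders and automated pipelines, not a substitute for updating to 26.01.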

Why the spread of 7-Zip amplifies the risk

The huge spread of this tool multiplies the attack surface significantly. In addition to the classic GUI application on Windows, 7-Zip is silently embedded in millions of enterprise scripts, in OEM systems pre-installed by computer manufacturers, and in CI/CD environments, the automated chains with which developers test and release software. Additionally, several Linux distributions, including Ubuntu and RHEL 8, often include packages like p7zip that may be obsolete and therefore vulnerable.

Then there is a further risk factor linked to the open source nature of the project: since the code is publicly available, many third-party applications have integrated it internally. This means that an infected archive can be processed completely automatically, without the user clicking on anything, by antiviruses, backup tools, file managers or malware analysis platforms. These applications often operate with elevated privileges, which further amplifies the potential damage if compromised.

How to protect yourself from the new vulnerability

The solution is to update 7-Zip to version 26.01 or later. On Windows, you can check the installed version by opening the application and consulting the Program information section: if the number is lower than 26.01, download the new installer from the official website, 7-zip.org, and run it. It is advisable to complete this operation before interacting with any externally sourced archive.