2 min read

7-Zip 26.02 patches archive-based RCE bug

7-Zip 26.02 fixes a remote code execution flaw in XZ handling that could be triggered by malicious archives. The app must be updated manually.

Image: BleepingComputer

7-Zip 26.02 is out with a fix for a remote code execution vulnerability that could let attackers run malicious code if a user opens a specially crafted compressed file.

The bug was disclosed by Lunbun researcher Landon Peng and affects how 7-Zip processes XZ-compressed data. According to an advisory from the Zero Day Initiative, specially crafted XZ data can trigger a heap-based buffer overflow, which could allow arbitrary code execution with the privileges of the current user.

The developer has not published technical details, but changes in the 26.02 source code indicate the flaw is tied to how 7-Zip tracks available space while decompressing XZ data. The patch adds checks so the decoder cannot write past the remaining space in the output buffer, blocking the overflow condition.

Exploitation requires user interaction, such as visiting a malicious page or opening a malicious archive file, the advisory says. Because 7-Zip does not have an automatic update feature, users will need to download and install the new version manually from 7-zip.org.

Recommended reading

Anthropic finds Claude Code used in mostly automated hack

That matters because 7-Zip remains one of the most widely used archive tools on Windows, making archive-parsing bugs a valuable target for attackers. BleepingComputer notes that similar flaws have been abused before: in early 2025, a 7-Zip bug that let malware bypass Windows Mark of the Web protections was exploited as a zero-day by Russian hackers. Later that year, a Russian hacking group used the WinRAR flaw CVE-2025-8088 in phishing attacks to deploy RomCom malware.

There are currently no reports of active exploitation for this newly disclosed 7-Zip vulnerability, but the release of 26.02 gives users a clear next step.

article image
article image
Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via BleepingComputer

// Keep reading