ShellCodeX Intelligence Brief
CRITICAL
Open Source
7-Zip 26.02 patches RCE bug triggered by malicious archives
Source headline: Update now: 7-Zip fixes RCE flaw exploitable with malicious archives
Threat level
Critical
Signal strength
85/100
Source confidence
1 source
Published
8 hours ago
Intelligence Summary
7-Zip has released version 26.02 to address a remote code execution (RCE) vulnerability. The flaw can be triggered when a user opens a specially crafted compressed archive. An attacker may be able to execute malicious code on the affected system. This creates risk for users and organizations that process or receive archives from untrusted sources. Update 7-Zip to 26.02 or later and avoid opening archives from unknown senders.
Recommended Action
Prioritize immediate review, validate exposure, and patch or mitigate affected systems.
Topics
Original reporting
BleepingComputer
Update now: 7-Zip fixes RCE flaw exploitable with malicious archives
Open original source