Home » Security News » Critical 7-Zip Vulnerability Allows Code Execution...

Critical 7-Zip Vulnerability Allows Code Execution, Users Advised to Update Immediately

Critical 7-Zip Vulnerability Allows Code Execution, Users Advised to Update Immediately

Add Techlomedia as a preferred source on Google. Preferred Source

A newly discovered vulnerability in 7-Zip, one of the most widely used file compression and extraction tools, could allow attackers to execute malicious code on affected systems

Tracked as CVE-2026-14266, the flaw affects the way 7-Zip processes XZ-compressed data streams. It has been classified as a memory corruption vulnerability and has been fixed in the latest 7-Zip 26.02 update.

The issue is caused by improper handling of XZ chunked data, which can trigger a heap-based buffer overflow. This happens when specially crafted data exceeds the memory space allocated for a buffer, potentially allowing attackers to manipulate the application and execute their own code.

If successfully exploited, attackers could run malicious code with the same privileges as the current user. This could allow them to install malware, steal data, or use the compromised system as part of a larger attack.

However, exploitation requires user interaction. Attackers cannot compromise a system without the victim taking an action. The attack can be triggered when a user opens a specially crafted archive file or visits a malicious webpage designed to deliver the affected XZ payload.

The vulnerability is particularly concerning because 7-Zip is used by millions of users worldwide, including businesses and IT administrators. Attackers often use compressed files in phishing campaigns because archive attachments can appear harmless and bypass basic security checks.

A malicious archive sent through email or other platforms could trick users into opening the file, allowing attackers to exploit the vulnerability and gain access to the system.

The vulnerability has been patched in 7-Zip version 26.02. Users are advised to update their installations immediately to reduce the risk of exploitation.

Security experts also recommend avoiding archive files from unknown sources, scanning email attachments before opening them, and being cautious with unexpected compressed files.

The vulnerability was discovered and reported by Landon Peng of Lunbun LLC through responsible disclosure, helping developers release a fix before widespread exploitation.

CVE-2026-14266 is another reminder that even trusted and widely used software can contain serious security vulnerabilities. Keeping applications updated and following safe file-handling practices remains important to protect against malware and other cyber threats.

Follow Techlomedia on Google News to stay updated. Follow on Google News

Affiliate Disclosure:

This article may contain affiliate links. We may earn a commission on purchases made through these links at no extra cost to you.

Deepanker Verma

About the Author: Deepanker Verma

Deepanker Verma is the Founder and Editor-in-Chief of TechloMedia. He holds Engineering degree in Computer Science and has over 15 years of experience in the technology sector. Deepanker bridges the gap between complex engineering and consumer electronics. He is also a a known Security Researcher acknowledged by global giants including Apple, Microsoft, and eBay. He uses his technical background to rigorously test gadgets, focusing on performance, security, and long-term value.

Related Posts

Stay Updated with Techlomedia

Join our newsletter to receive the latest tech news, reviews, and guides directly in your inbox.