PSA: The widely used 7-Zip utility is once again affected by a potentially dangerous security vulnerability. The open-source file archiver can be exploited to execute malicious code by tricking users into opening specially crafted archives. End users and system administrators are advised to install the latest version of the software as soon as possible.
A recently disclosed security flaw could turn 7-Zip into a powerful tool for cybercriminals seeking to spread malware online and compromise large numbers of PCs. The free file archiver, which has repeatedly been affected by critical vulnerabilities, contains a bug in the way it handles NTFS-based volume image files. Victims only need to open a specially crafted archive for the exploit to execute.
The GHSL-2026-140 vulnerability was discovered in April and is currently tracked as CVE-2026-48095. The issue stems from a heap-based buffer overflow, a type of memory corruption vulnerability that can be exploited by overwriting data stored in dynamically allocated memory.
According to SOC Prime, CVE-2026-48095 is triggered when an archive contains a maliciously crafted NTFS image file. Once the archive is opened, vulnerable versions of 7-Zip trigger undefined behavior in the program's buffer size calculation routine. The file archiver then allocates an insufficient amount of memory while processing the archive, potentially overwriting adjacent heap data.

The bug was discovered in April and privately reported to the 7-Zip team. The tool was subsequently updated to version 26.01, which is no longer affected by the security flaw. A security advisory about the bug was released just a few days ago, along with a working proof-of-concept Python script that could be used to exploit the vulnerability in affected 7-Zip versions.
Researchers warn that CVE-2026-48095 and the accompanying PoC could lead either to remote code execution or to a simple application crash or denial-of-service condition, depending on the affected platform and available system memory. The bug can only be mitigated by installing the most recent version of 7-Zip, which was released roughly 30 days ago.
CVE-2026-48095 may pose a significant risk because of how widely 7-Zip is used. The open-source archiving tool has been downloaded hundreds of millions of times, with many systems relying on its command-line version or libraries to support multiple archive formats. In the worst case, many Windows or Linux systems running older 7-Zip releases could now be potential targets for exploitation with unexpected security consequences.
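As an added example (not from the article or the 7-Zip project), the following triage check parses the banner that the 7-Zip command-line tools print and flags hosts running a release below the fixed version 26.01. Hostnames and sample banners are constructed, and treating every release older than 26.01 as needing the update is an assumption, since the article does not state an affected version range.

```python
import re

FIXED = (26, 1)  # 26.01, the fixed release named in the article

# First banner line printed by 7z/7za/7zz and older p7zip builds, e.g.
#   "7-Zip 24.09 (x64) : ...", "7-Zip (z) 24.09 (x64) : ...", "7-Zip [64] 16.02 : ..."
BANNER = re.compile(r"^7-Zip(?:\s+(?:\([A-Za-z]\)|\[\d+\]))*\s+(\d+)\.(\d+)", re.M)


def parse_version(banner_text):
    """Return (major, minor) from 7-Zip banner output, or None if unrecognised."""
    m = BANNER.search(banner_text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(inventory):
    """Map host -> 'patched' | 'vulnerable' | 'unknown' from collected banners."""
    result = {}
    for host, banner in inventory.items():
        version = parse_version(banner)
        if version is None:
            # No parsable banner: tool missing, renamed, or output truncated.
            result[host] = "unknown"
        else:
            result[host] = "patched" if version >= FIXED else "vulnerable"
    return result


# Constructed sample inventory: hostnames and banner text are illustrative only.
SAMPLE = {
    "build-01": "\n7-Zip 24.09 (x64) : Copyright (c) 1999-2024 Igor Pavlov : 2024-11-29\n",
    "file-02": "\n7-Zip (z) 26.01 (x64) : Copyright (c) 1999-2026 Igor Pavlov\n",
    "legacy-03": "\n7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21\n"
                 "p7zip Version 16.02\n",
    "kiosk-04": "'7z' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` still need a manual check, and this banner check does not cover other software that bundles the 7-Zip libraries.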