Cybersecurity 7 h agoAdd to bookmarks

A critical vulnerability in 7-Zip allows remote code execution via a booby-trapped archive. The patch is available; given the installed base, the urgency is real.
A report published on July 18, 2026 by BleepingComputer reports a RCE (Remote Code Execution) vulnerability fixed in 7-Zip 26.02. The vector is a specially crafted archive: opening the archive with 7-Zip is enough to trigger the exploitation. The fix is published by the editor.
7-Zip parses an impressive number of formats - 7z, zip, rar, tar, iso, wim, chm - which gives the parser an enormous attack surface. Each new supported format increases the memory risk window (heap overflows, integer overflows on headers).
The ecosystem complicates remediation: 7-Zip has no native auto-update on Windows, which guarantees a long tail of vulnerable installations several months after a patch. Third-party providers (SharePoint, mail scanners, AV products that use a derived library) are also slow to incorporate fixes.
A "small and discreet" utility like 7-Zip touches millions of workstations; a vulnerability in its parser is a door that opens for everyone at the same time.
Article produced by artificial intelligence, reviewed under human editorial control.