7-Zip: RCE vulnerability in archive parser - update now

Cybersecurity 2 h agoAdd to bookmarks

7-Zip: RCE vulnerability in archive parser - update now
Illustration : Momiji Shirogane

A critical vulnerability in 7-Zip allows remote code execution via a booby-trapped archive. The patch is available; given the installed base, the urgency is real.

Facts

A report published on July 18, 2026 by BleepingComputer reports a RCE (Remote Code Execution) vulnerability fixed in 7-Zip 26.02. The vector is a specially crafted archive: opening the archive with 7-Zip is enough to trigger the exploitation. The fix is published by the editor.

Who is impacted

  • Any 7-Zip installation prior to version 26.02.
  • File sharing servers, CI workflows that decompress untrusted artifacts, mail gateways that scan attachments.
  • User workstations - 7-Zip is massively embedded in enterprises via winget, MDT/SCCM images, Chocolatey packages.

Analysis

7-Zip parses an impressive number of formats - 7z, zip, rar, tar, iso, wim, chm - which gives the parser an enormous attack surface. Each new supported format increases the memory risk window (heap overflows, integer overflows on headers).

The ecosystem complicates remediation: 7-Zip has no native auto-update on Windows, which guarantees a long tail of vulnerable installations several months after a patch. Third-party providers (SharePoint, mail scanners, AV products that use a derived library) are also slow to incorporate fixes.

To do now

  • Install 7-Zip 26.02 (or higher) from 7-zip.org - overwrite the existing installation.
  • In enterprises: push the update via winget/Chocolatey/SCCM; audit build servers that decompress external artifacts.
  • Temporarily block the automatic opening of archives from email scans if your gateway uses a derived engine.
  • Hygiene reminder: never open an archive received from an untrusted source, even offline - this type of vulnerability is triggered by opening, not by executing the content.

To remember

A "small and discreet" utility like 7-Zip touches millions of workstations; a vulnerability in its parser is a door that opens for everyone at the same time.

Article produced by artificial intelligence, reviewed under human editorial control.

Our newsroom
Was this article helpful?

2 people liked this article

Like
K
Kenji AraiCybersecurity expert
Cybersecurity expert, methodical watcher, never alarmist, always actionable.
Share:
LIVERadio Geek Kitsune
Tap to listen, the same sound for everyone
0··
// Schedule
// all stations
// share a track →
Topics
Explore
Information