| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| Exploit for CVE-2026-14191 | 7 Jul 202609:40 | – | githubexploit | |
| CVE-2026-14191 | 1 Jul 202605:01 | – | circl | |
| CVE-2026-14191 | 1 Jul 202602:41 | – | cve | |
| CVE-2026-14191 WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader | 1 Jul 202602:41 | – | cvelist | |
| EUVD-2026-40869 | 1 Jul 202602:41 | – | euvd | |
| WinRAR flaw could allow attackers to take control of your computer | 2 Jul 202612:38 | – | malwarebytes | |
| CVE-2026-14191 | 1 Jul 202604:16 | – | nvd | |
| UBUNTU-CVE-2026-14191 | 1 Jul 202604:16 | – | osv | |
| PT-2026-54451 | 1 Jul 202600:00 | – | ptsecurity | |
| CVE-2026-14191 WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader | 1 Jul 202602:41 | – | vulnrichment |
| Source | Link |
|---|---|
| ubuntu | www.ubuntu.com/security/CVE-2026-14191 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(324678);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/02");
script_cve_id("CVE-2026-14191");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-14191");
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR
(RecVolumes5::ReadHeader in recvol5.cpp). The RecItems vector is sized only when the first .rev file in a
set is processed; subsequent .rev files supply an independent RecNum value that is validated against that
file's own TotalCount field but never against the actual size of RecItems. A crafted set of two or more
.rev files can therefore write an attacker-controlled 32-bit value (the header's RevCRC field) to
RecItems[RecNum] at an attacker-controlled offset up to 65534 * sizeof(RecVolItem) bytes past the
allocation, corrupting adjacent heap objects. Triggering requires the victim to run a recovery/test
operation on an attacker-supplied .rev set (for example 'unrar t x.part1.rev', WinRAR 'Repair archive', or
auto-recovery when extracting a volume set with a missing .rar part). This is the RAR5-path sibling of
CVE-2023-40477 (which was fixed in the RAR3 path only in WinRAR 6.23). Fixed in WinRAR / RAR 7.23.
(CVE-2026-14191)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2026-14191");
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-14191");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/07/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:26.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:unrar-nonfree");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.10", "Host/OS/Ubuntu Linux-26.04");
exit(0);
}
if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);
include('linux_unpatched.inc');
var distro_constraints_array = {
"Ubuntu Linux-16.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "16.04",
"pkgs": [
{"reference": "unrar-nonfree"}
]
}
]
},
"Ubuntu Linux-18.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "18.04",
"pkgs": [
{"reference": "unrar-nonfree"}
]
}
]
},
"Ubuntu Linux-20.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "20.04",
"pkgs": [
{"reference": "unrar-nonfree"}
]
}
]
},
"Ubuntu Linux-22.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "22.04",
"pkgs": [
{"reference": "unrar-nonfree"}
]
}
]
},
"Ubuntu Linux-24.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "24.04",
"pkgs": [
{"reference": "unrar-nonfree"}
]
}
]
},
"Ubuntu Linux-25.10": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "25.10",
"pkgs": [
{"reference": "unrar-nonfree"}
]
}
]
},
"Ubuntu Linux-26.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "26.04",
"pkgs": [
{"reference": "unrar-nonfree"}
]
}
]
}
};
var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);
if (!empty_or_null(report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : report
);
exit(0);
}
else
{
audit(AUDIT_HOST_NOT, 'affected');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation