4 matches found
7-Zip <= 26.02 Mark-of-the-Web Bypass (CVE-2026-58052)
The version of 7-Zip installed on the remote Windows host is 26.02 or earlier. It is, therefore, affected by a vulnerability: - 7-Zip for Windows fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier...
CVE-2026-14164
CVE-2026-14164 concerns libarchive’s RAR5 reader. A double-free arises when a filtered_buf pointer remains stale after being freed during unpack state reinitialization, allowing a second free on processing a subsequent archive entry. The issue is triggered by parsing a specially crafted RAR5 arch...
PT-2026-53084
Name of the Vulnerable Software and Affected Versions 7-Zip for Windows versions prior to 26.02 Description 7-Zip fails to preserve the Mark-of-the-Web MotW when extracting a specially crafted RAR5 archive. The software uses a guard to suppress archive-supplied Zone.Identifier streams, but it onl...
EulerOS Virtualization 2.13.0 : libarchive (EulerOS-SA-2026-2401)
According to the versions of the libarchive packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddat...