New 7-Zip security flaw could put hundreds of millions of systems at risk

FACEPALM: The widely used 7-Zip utility is once again affected by a potentially dangerous security vulnerability. The open-source file archiver can be exploited to execute malicious code by tricking users into opening specially crafted archives. End users and system administrators are advised to install the latest version of the software as soon as possible.

A recently disclosed security flaw could turn 7-Zip into a powerful tool for cybercriminals seeking to spread malware online and compromise large numbers of PCs. The free file archiver, which has repeatedly been affected by critical vulnerabilities, contains a bug in the way it handles NTFS-based volume image files. Victims only need to open a specially crafted archive for the exploit to execute.

The GHSL-2026-140 vulnerability was discovered in April and is currently tracked as CVE-2026-48095. The issue stems from a heap-based buffer overflow, a type of memory corruption vulnerability that can be exploited by overwriting data stored in dynamically allocated memory.

According to SOC Prime, CVE-2026-48095 is triggered when an archive contains a maliciously crafted NTFS image file. Once the archive is opened, vulnerable versions of 7-Zip trigger undefined behavior in the program's buffer size calculation routine. The file archiver then allocates an insufficient amount of memory while processing the archive, potentially overwriting adjacent heap data.