7-Zip

Vulnerabilities 2026-05-26
7-Zip CVE-2026-48095: NTFS Parser Heap Overflow Lets Any Double-Clicked Archive Hijack a vtable
A signed-shift bug in 7-Zip's NTFS handler under-allocates a 1-byte buffer, then writes up to 256 MB of attacker-controlled data straight through the adjacent stream object's vtable pointer. Patched in 26.01.
7-zip cve-2026-48095 heap-overflow ntfs rce vtable-hijack windows linux

7-Zip CVE-2026-48095: NTFS Parser Heap Overflow Lets Any Double-Clicked Archive Hijack a vtable