{"id":221724,"date":"2026-05-28T07:00:00","date_gmt":"2026-05-28T11:00:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/28\/wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk\/"},"modified":"2026-05-28T09:50:14","modified_gmt":"2026-05-28T13:50:14","slug":"wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/28\/wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk\/","title":{"rendered":"Wide-ranging 7-zip vulnerability with 8.8 CVE rating allows for code execution \u2014 hundreds of millions of machines potentially at risk"},"content":{"rendered":"<p><a href=\"https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk\">Wide-ranging 7-zip vulnerability with 8.8 CVE rating allows for code execution \u2014 hundreds of millions of machines potentially at risk<\/a><\/p>\n<p><a href=\"https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk\">https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-28 07:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.tomshardware.com\">www.tomshardware.com<\/a><\/p>\n<p>
<\/p>\n<p>There seems to be no end in sight for serious, wide-ranging security vulnerabilities these days. The ever-popular open-source archive-handling utility 7-Zip is now in the spotlight due to an 8.8-rated CVE vulnerability in its archive-opening procedure. If a user simply opens a booby-trapped crafted archive (.7z, .zip, .rar, etc.) on a machine with at least 16 GB of RAM, they&#8217;ll be running malicious code. Extracting the archive isn&#8217;t necessary; only opening it is enough. We recommend that everyone immediately update to the latest version, 26.01, published in late April; all previous versions are vulnerable.<\/p>\n<p>This is a particularly &#8220;oh sugar honey ice tea&#8221; moment because of how widespread 7-Zip is in practice. Most people would only think of the Windows graphical application, but every command-line variant is vulnerable across multiple operating systems. 7-Zip doesn&#8217;t have any built-in update mechanisms, relying instead on user-initiated updates or package management systems.<\/p>\n<p>The Windows application being vulnerable is bad enough; however, one needs to add millions of command-line scripts that are indirectly vulnerable, as are CI\/CD workflows. Anything that so much as calls any variant of the &#8220;7z&#8221; binary and opens a poisoned archive, even if just to list the contents, is at risk.<\/p>\n<p>Adding fuel to the fire, a good number of Linux distributions come with long-outdated &#8220;p7zip&#8221; ports of the utility. Heck, just think of a server that automatically lists archive contents for some reason, and it&#8217;s almost certainly vulnerable. SourceForge lists some 400 million 7-Zip downloads, while Chocolatey has 24.5 million, so adding to that copious amounts of Linux servers and VMs, we could be discussing hundreds of millions of vulnerable machines.<\/p>\n<p>But wait, there&#8217;s more. 
The open nature of 7z means that its base libraries are included among a wealth of third-party software. Potential targets for exploitation include anti-virus scanners, backup and automation tools, log analysis software, malware analysis with automated scanning, and even many file managers.<\/p>\n<p>In practice, the aforementioned software doesn&#8217;t require user intervention to ingest a poisoned archive, and the situation gets worse because a good portion of it runs with elevated permissions. All things considered, it&#8217;s reasonable to guess that almost every computer and server has some exploitable 7-Zip binary or code that&#8217;s vulnerable to what amounts to a drive-by attack.<\/p>\n<p>Some cursory testing of our own shows that Ubuntu 24, Ubuntu 26, and RHEL 8 all carry vulnerable versions. If all that wasn&#8217;t bad enough, many OEM systems include 7-Zip by default because it&#8217;s great, open, and free. The &#8220;p7zip&#8221; package is common across Fedora; many Docker images also run on mainline versions.<\/p>\n<p>The actual vulnerability is fairly complicated to describe, but pertains to a part of code that 7-Zip can use to open NTFS disk images. Opening .ntfs and .img disk images has long been a feature of 7-Zip, and there&#8217;s a bug in the code that allows an attacker to provide incorrect values for a buffer, which in turn can be made bigger than intended and contain malicious code to be executed. If by now you&#8217;re thinking &#8220;I don&#8217;t use those file types&#8221;, 7-Zip doesn&#8217;t use the file extension to determine its type \u2014 it relies on the file&#8217;s first few bytes, so providing a malicious NTFS image inside a .7z, .rar, .zip (and others) will work just fine. 
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wide-ranging 7-zip vulnerability with 8.8 CVE rating allows for code execution \u2014 hundreds of millions&#8230;<\/p>\n","protected":false},"author":1,"featured_media":221727,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.mos.cms.futurecdn.net\/ucUhNfGZdnCABW3iy4K22E-2121-80.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,32,27],"class_list":["post-221724","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221724"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=221724"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221724\/revisions"}],"predecessor-version":[{"id":221728,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221724\/revisions\/221728"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/221727"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=221724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index
.php\/wp-json\/wp\/v2\/categories?post=221724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=221724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}