2 min read

7-Zip 26.02 Patches XZ Code-Execution Flaw

7-Zip 26.02 fixes an XZ decompression flaw that could enable code execution through malicious archives. Users must update manually.

Image: BleepingComputer

7-Zip 26.02 fixes a remote code execution vulnerability that could let attackers run malicious code after persuading users to open specially crafted compressed files. The flaw affects the utility’s handling of XZ-compressed data.

The vulnerability was disclosed by Lunbun researcher Landon Peng. According to a Zero Day Initiative advisory, specially crafted XZ data can trigger a heap-based buffer overflow, potentially allowing arbitrary code execution with the privileges of the current user.

How the 7-Zip vulnerability works

The developer has not published technical details, but changes in the 26.02 source code indicate that the fix addresses how 7-Zip tracks available space while decompressing XZ data. New checks prevent the decoder from writing beyond the remaining space in an output buffer, blocking the suspected heap-based overflow.

Exploitation requires user interaction, such as visiting a malicious webpage or opening a malicious archive. Attackers could distribute such files through phishing or social engineering campaigns to install malware on vulnerable Windows systems.

Archive-processing flaws have been exploited before. In early 2025, attackers used a 7-Zip vulnerability to bypass Windows' Mark of the Web (MotW) security feature as a zero-day. Later that year, a Russian hacking group exploited the WinRAR CVE-2025-8088 vulnerability through phishing attacks to install RomCom malware.

Recommended reading

WordPress wp2shell RCE Exploits Are Now Public

How to install the security update

7-Zip does not offer automatic updates, so users must manually download version 26.02 from the official website, 7-zip.org. There are currently no reports that attackers are actively exploiting this newly disclosed vulnerability, but updating promptly reduces the risk of future attacks.

Article image
Article image
Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via BleepingComputer

/ Keep reading