A critical heap buffer overflow vulnerability (CVE-2026-48095 / GHSL-2026-140) has been disclosed in 7-Zip version 26.00, affecting the popular open-source archive utility’s NTFS handler. The flaw enables attackers to execute arbitrary code via a classic vtable hijack, requiring only that a victim open a specially crafted NTFS image file. The vulnerability resides in the CInStream::GetCuSize() function within NtfsHandler.cpp, […]
The post New 7-Zip Vulnerabilities Enable Arbitrary Code Execution appeared first on Cyber Security News.