{"id":259965,"date":"2026-05-28T07:00:00","date_gmt":"2026-05-28T11:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/28\/wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk-2\/"},"modified":"2026-05-31T00:26:05","modified_gmt":"2026-05-31T04:26:05","slug":"wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk-2","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/28\/wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk-2\/","title":{"rendered":"Wide-ranging 7-zip vulnerability with 8.8 CVE rating allows for code execution \u2014 hundreds of millions of machines potentially at risk"},"content":{"rendered":"

Wide-ranging 7-zip vulnerability with 8.8 CVE rating allows for code execution \u2014 hundreds of millions of machines potentially at risk<\/a><\/p>\n

https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/wide-ranging-7-zip-vulnerability-with-8-8-cve-rating-allows-for-code-execution-hundreds-of-millions-of-machines-potentially-at-risk<\/a><\/p>\n

Publish Date: 2026-05-28 07:00:00<\/a><\/p>\n

Source Domain: www.tomshardware.com<\/a><\/p>\n

There seems to be no end in sight for serious, wide-ranging security vulnerabilities these days. The ever-popular open-source archive-handling utility 7-Zip is now in the spotlight due to an 8.8-rated CVE vulnerability in its archive-opening procedure. If a user simply opens a booby-trapped crafted archive (.7z, .zip, .rar, etc) on a machine with at least 16 GB of RAM, they’ll be running malicious code. Extracting the archive isn’t necessary; only opening it is enough. We recommend that everyone immediately update to the latest version, 26.01, published in late April; all previous versions are vulnerable.<\/p>\n

This is a particularly “oh sugar honey ice tea” moment because of how widespread 7-Zip is in practice. Most people would only think of the Windows graphical application, but every command-line variant is vulnerable across multiple operating systems. 7-Zip doesn’t have any built-in update mechanisms, relying instead on user-initiated updates or package management systems.<\/p>\n

The Windows application being vulnerable is bad enough; however, one needs to add millions of command-line scripts that are indirectly vulnerable, as are CI\/CD workflows. Anything that so much as calls any variant of the “7z” binary and opens a poisoned archive, even if just to list the contents, is at risk.<\/p>\n

Latest Videos From<\/span><\/span><\/span>\"\"
\n
\n You may like
\n <\/span><\/p>\n

Go deeper with TH Premium: AI and data centers<\/p>\n

\n

\"Microsoft\n<\/p>\n

(Image credit: Microsoft)<\/span><\/p>\n

Adding fuel to the fire, a good number of Linux distributions come with long-outdated “p7zip” ports of the utility. Heck, just think of a server that automatically lists archive contents for some reason, and it’s almost certainly vulnerable. Sourceforge lists some 400 million 7-Zip downloads, while Chocolatey has 24.5 million, so adding to that copious amounts of Linux servers and VMs, we could be discussing hundreds of millions of vulnerable machines.<\/p>\n

But wait, there’s more. The open nature of 7z means that its base libraries are included among…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Wide-ranging 7-zip vulnerability with 8.8 CVE rating allows for code execution \u2014 hundreds of millions…<\/p>\n","protected":false},"author":1,"featured_media":259966,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.mos.cms.futurecdn.net\/ucUhNfGZdnCABW3iy4K22E-2121-80.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[20,90,57,27],"class_list":["post-259965","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-artificial-intelligence","tag-cve","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/259965"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=259965"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/259965\/revisions"}],"predecessor-version":[{"id":259968,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/259965\/revisions\/259968"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/259966"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=259965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=259965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=259965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}