Threat Advisory

Zip Vulnerability Creates Buffer Overflow in NTFS Object Conversion

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

CVE-2026-48095 (CVSS score 8.8) is a heap buffer overflow vulnerability in 7-Zip: the NTFS archive handler miscalculates the compression-unit buffer size during a left-shift operation. A crafted NTFS image can set ClusterSizeLog = 28 or greater and CompressionUnit = 4, pushing the shift exponent to an unsafe value; the masked shift count then yields a one-byte buffer allocation that is subsequently overwritten with a large volume of attacker-controlled data. The overflow corrupts the vtable pointer of the adjacent CInStream object, enabling a vtable hijack that can lead to arbitrary code execution when a malicious file is opened. The vulnerable code path can be reached through various archive formats, including .7z, .zip, and .rar. Successful exploitation may allow attackers to install malware, exfiltrate sensitive information, establish persistence, or move laterally within a network. The business impact includes system compromise, ransomware deployment, data loss, operational disruption, and potential denial-of-service conditions. Exploitation requires only the delivery of a specially crafted NTFS image and the victim opening the file, which makes it a significant risk for organizations that process untrusted archives.
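The size miscalculation described above, as an added illustration that is a hypothetical reconstruction and not 7-Zip's own code: `unit_size_unchecked` models what a 32-bit shift does when the hardware masks the count to 5 bits (ClusterSizeLog 28 plus CompressionUnit 4 gives an exponent of 32, masked to 0, so the "buffer" is one byte), and `unit_size_checked` is the defensive form that validates the exponent before shifting. The function names and the `MAX_UNIT_SIZE_LOG` bound are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical reconstruction of the bug class, not 7-Zip's code.
 * Shifting a 32-bit value by 32 or more is undefined behaviour in C, and on
 * x86 the CPU only uses the low 5 bits of the count. That masking is written
 * out explicitly here so the result is deterministic on any platform. */
static uint32_t unit_size_unchecked(unsigned cluster_size_log, unsigned compression_unit)
{
    unsigned shift = cluster_size_log + compression_unit;
    return (uint32_t)1 << (shift & 31);   /* 28 + 4 = 32 -> masked to 0 -> 1 byte */
}

/* Assumed upper bound: a compression unit larger than 1 GiB is never sane. */
#define MAX_UNIT_SIZE_LOG 30u

/* Hardened form: refuse attacker-controlled geometry that cannot produce a
 * representable size, instead of letting the shift wrap to a tiny buffer. */
static bool unit_size_checked(unsigned cluster_size_log, unsigned compression_unit, uint64_t *out)
{
    if (cluster_size_log > 31 || compression_unit > 31)
        return false;                       /* individual fields out of range */
    unsigned shift = cluster_size_log + compression_unit;
    if (shift > MAX_UNIT_SIZE_LOG)
        return false;                       /* exponent too large for a real volume */
    *out = (uint64_t)1 << shift;
    return true;
}

int main(void)
{
    uint64_t size;
    /* Constructed sample geometry: a normal 4 KiB-cluster volume ... */
    printf("sane   (12,4): unchecked=%u checked=%s\n",
           unit_size_unchecked(12, 4), unit_size_checked(12, 4, &size) ? "ok" : "rejected");
    /* ... and the crafted values named in the advisory. */
    printf("crafted(28,4): unchecked=%u checked=%s\n",
           unit_size_unchecked(28, 4), unit_size_checked(28, 4, &size) ? "ok" : "rejected");
    return 0;
}
```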

RECOMMENDATION:

  • Update 7-Zip to version 26.01 or later.

REFERENCES:

The following reports contain further technical details:

https://cybersecuritynews.com/7-zip-vulnerabilities-code-execution/
