Critical 7-Zip vulnerability (CVE rated 8.8) enables code execution via crafted archive files; update to version 26.01 urged
By Bruno Ferreira
Summary
A critical 8.8-rated CVE vulnerability has been discovered in the popular open-source archive utility 7-Zip. The flaw allows remote code execution when a user simply opens a specially crafted archive file (such as .7z, .zip, or .rar) on a machine with at least 16 GB of RAM — no extraction is necessary. The vulnerability affects hundreds of millions of machines globally. Users are urged to update immediately to version 26.01 to patch the security flaw.
Key quotes
If a user simply opens a booby-trapped crafted archive (.7z, .zip, .rar, etc) on a machine with at least 16 GB of RAM, they'll be running malicious code.
Extracting the archive isn't necessary; only opening it is enough.
We recommend that everyone immediately update to the latest version, 26.01.
