securityonline.info 7/2/2026, 10:32:56 AM · external

Gzip CVE-2026-41991/2 let attackers overwrite files

CyberSIXT Evidence Panel
Primary Source: cert.pl
CISA KEV: Not in KEV
Patch: Available

The source article reports two critical vulnerabilities in GNU gzip, tracked as CVE-2026-41991 and CVE-2026-41992. CVE-2026-41991 lets a local attacker overwrite files through a symlink attack against gzexe, which uses predictable temporary filenames. CVE-2026-41992 triggers an out-of-bounds read in the decompression code. Both affect all versions up to 1.14 and carry a medium to high severity rating. Patching is advised because gzip is widely used across Linux and Unix systems; there are currently no confirmed exploits.
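
The bug class behind CVE-2026-41991 (a predictable temporary filename opened in a way that follows symlinks), shown beside a hardened form. This is an added example, not gzexe's code and not the actual patch, which the source does not describe; the function names, the `demo.` prefix and the sandbox layout are assumptions, and `mktemp` is used as the standard mitigation for this class.

```sh
#!/bin/sh
# Constructed demo of the bug class, confined to a private sandbox directory.
# Not gzexe's code; all names here are hypothetical.

# Weak: fixed prefix + PID is guessable, and '>' follows symlinks.
write_predictable() {          # $1 = directory, $2 = data
    tmp="$1/demo.$$"
    printf '%s\n' "$2" > "$tmp"
}

# Hardened: mktemp picks a random name and creates the file exclusively
# (mode 0600), so a pre-existing file or symlink is never reused.
write_safe() {                 # $1 = directory, $2 = data
    tmp=$(mktemp "$1/demo.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
}

# Run one writer in a sandbox where the predictable path already exists
# as a symlink to another file. Prints "overwritten" or "intact".
run_case() {                   # $1 = write_predictable | write_safe
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/target"
    ln -s "$box/target" "$box/demo.$$"
    "$1" "$box" "temp data"
    if [ "$(cat "$box/target")" = "original" ]; then
        result=intact
    else
        result=overwritten
    fi
    rm -rf "$box"
    printf '%s\n' "$result"
}

run_case write_predictable   # → overwritten
run_case write_safe          # → intact
```

When auditing scripts for this pattern, look for temporary paths built from `$$`, a timestamp or a fixed name and then opened with `>` or `cp`.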


Article by CyberSIXT