A security vulnerability has been discovered in WinRAR that may allow attackers to execute code remotely on users' computers. The flaw, identified as CVE-2026-14191, lies in the handling of RAR5 recovery-volume files. It can corrupt memory buffers, which malicious actors could potentially exploit. Users are advised to upgrade to WinRAR version 7.23 to mitigate the risk; updates are not applied automatically, so the upgrade must be installed manually.
Additionally, users should avoid opening unverified attachments, use up-to-date anti-malware solutions, and consider removing WinRAR if it is not essential. The lack of automatic updates poses a significant risk, as many users may not realize they need to upgrade.
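
Because nothing upgrades WinRAR automatically, the practical first step is finding the hosts still below 7.23. The PowerShell below is an added example, not code from the advisory or from WinRAR's vendor. It reads the standard Windows uninstall registry keys and assumes the installer registers a `DisplayName` beginning with "WinRAR" and a dotted `DisplayVersion`.

```powershell
# Added example: report WinRAR installs older than the fixed version in the advisory.
$FixedVersion = [version]'7.23'   # fixed version as stated in the advisory text

# Standard Windows uninstall locations: 64-bit, 32-bit view, and per-user installs.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-WinRarInstallStatus {
    param([version]$Minimum = $FixedVersion)

    Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        # Assumption: the WinRAR installer's DisplayName starts with "WinRAR".
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        ForEach-Object {
            # DisplayVersion is free text; do not trust it to parse.
            $parsed = $null
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)

            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                # Unparseable versions are flagged for manual review, not assumed safe.
                Status   = if (-not $ok) { 'UnknownVersion' }
                           elseif ($parsed -lt $Minimum) { 'NeedsUpgrade' }
                           else { 'OK' }
                Location = $_.InstallLocation
            }
        }
}

# No output means no registered WinRAR install was found on this host.
Get-WinRarInstallStatus | Format-Table -AutoSize
```

A portable copy of WinRAR that was never installed leaves no uninstall entry, so this check does not cover it.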