securityonline.info 7/17/2026, 4:46:30 AM · external

CVE-2026-14266 flaw lets execute code via malicious XZ files

CVE-2026-14266 flaw lets execute code via malicious XZ files
CyberSIXT Evidence Panel Source marked as original reporting
CISA KEV Not in KEV
Patch Patch Status Unknown

THE page outlines a critical security vulnerability in 7-Zip, identified as CVE-2026-14266, which can lead to remote code execution through crafted XZ-compressed data. Scored with a CVSS of 7.0, it requires user interaction to exploit, such as opening a malicious file. A fix was released in version 26.02, available since June 25, 2026. The advisory emphasizes the importance of updating to the latest version and exercising caution with files from unknown sources. As of now, there are no confirmed cases of the vulnerability being exploited in the wild.

View full article

Article by CyberSIXT