THE page outlines a critical security vulnerability in 7-Zip, identified as CVE-2026-14266, which can lead to remote code execution through crafted XZ-compressed data. Scored with a CVSS of 7.0, it requires user interaction to exploit, such as opening a malicious file. A fix was released in version 26.02, available since June 25, 2026. The advisory emphasizes the importance of updating to the latest version and exercising caution with files from unknown sources. As of now, there are no confirmed cases of the vulnerability being exploited in the wild.
CVE-2026-14266 flaw lets execute code via malicious XZ files
CyberSIXT Evidence Panel
Source marked as original reporting
Article by CyberSIXT