A critical vulnerability, CVE-2026-14191, has been identified in RARLAB's WinRAR, affecting versions below 7.23. The flaw is a heap overflow in the RAR5 recovery-volume parser that could be exploited, although no active exploitation has been confirmed yet. Users are advised to update to version 7.23 to mitigate this risk. The flaw shows the risk carried by archive tools that users work with frequently, and the importance of handling untrusted archives carefully. RARLAB has credited the vulnerability report to Arjun Basnet from Securin Labs.
Critical WinRAR heap overflow CVE-2026-14191 puts users at risk
Article by CyberSIXT