A critical security flaw in the file archiver 7-Zip, tracked as CVE-2026-48095, allows attackers to execute arbitrary code or crash applications. It was found by Jaroslav Lobačevski from GitHub Security Lab. The flaw is a heap buffer overflow caused by under-allocation of the NTFS compressed stream buffer during size computation. Attackers can exploit the vulnerability through crafted NTFS images, and various archive file types are affected.
Because the flaw has been publicly disclosed and proof-of-concept code is accessible, users are advised to exercise caution and promptly update their 7-Zip installations to prevent exploitation.