WinRAR heap overflow vulnerability (CVE-2026-14191) allows remote code execution

vulnerability | open | Jul 2, 2026 — Jul 2, 2026
WinRAR flaw CVE-2026-14191 lets attackers run remote code

A newly disclosed vulnerability in WinRAR, tracked as CVE-2026-14191, allows attackers to execute remote code when a user opens a specially crafted RAR5 recovery-volume file, according to Malwarebytes and SecurityOnline. The flaw was first observed on 2 July 2026 and a patch is now available.

The issue stems from a heap overflow in the WinRAR parser that handles RAR5 recovery-volume data, which can corrupt internal memory buffers and give an attacker control over the affected system, as noted in the CVE record for CVE-2026-14191. The vulnerability carries a CVSS v3 score of 7.8, rating it as high severity.

All versions of WinRAR prior to 7.23 are impacted, regardless of operating system, and the software does not apply updates automatically, leaving many installations exposed until users manually install the latest release. Users should verify their current version and upgrade to 7.23 or later to close the gap.
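One way to run the version check on a Windows endpoint, as an added example that is not from the article or from RARLAB: it reads the standard Windows uninstall registry entries and compares each WinRAR entry against the 7.23 threshold given above. The `WinRAR*` display-name filter, the function names and the status labels are assumptions made for this sketch.

```powershell
# Added example: flag WinRAR installs older than the fixed release named in the article.
$FixedVersion = [version]'7.23'   # from the article: upgrade to 7.23 or later

# Standard Windows uninstall locations: 64-bit view, 32-bit view, per-user.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-ComparableVersion {
    param([string]$Text)
    # Take the first "major.minor" pair from strings such as "7.13.0" or "WinRAR 7.01 (64-bit)".
    if ($Text -match '(\d+)\.(\d+)') {
        return [version]::new([int]$Matches[1], [int]$Matches[2])
    }
    return $null   # no usable version string
}

function Get-WinRarInstall {
    # Assumption: the installer registers a DisplayName beginning with "WinRAR".
    Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        ForEach-Object {
            $v = ConvertTo-ComparableVersion $_.DisplayVersion
            if ($null -eq $v) { $v = ConvertTo-ComparableVersion $_.DisplayName }
            # Pre-release builds share the base number, so they get a manual look.
            $pre = "$($_.DisplayName) $($_.DisplayVersion)" -match 'beta'
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $v
                Status   = if ($null -eq $v) { 'UNKNOWN' }
                           elseif ($v -lt $FixedVersion) { 'VULNERABLE' }
                           elseif ($pre) { 'REVIEW' }
                           else { 'OK' }
                Location = $_.InstallLocation
            }
        }
}

Get-WinRarInstall | Format-Table -AutoSize
```

Copies of WinRAR unpacked without the installer leave no uninstall entry, so a registry check of this kind should be paired with a file inventory.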

At present there is no evidence of active exploitation in the wild and no specific threat actors have been linked to CVE-2026-14191, though the widespread use of WinRAR for sharing archives means the potential impact remains significant. Researchers from Securin Labs, who reported the flaw to RARLAB, have warned that malicious actors could quickly weaponise the issue if it is not mitigated.

Defenders should prioritise upgrading to WinRAR 7.23 immediately, which can be downloaded from the official RARLAB site (rarnew.htm). In addition, organisations should remind employees to avoid opening archive files from unknown or untrusted sources and to keep endpoint anti‑malware solutions up to date.

Finally, if WinRAR is not required for daily operations, consider uninstalling the program to reduce the attack surface. Maintain a regular patch‑management routine for all third‑party utilities to prevent similar oversights in the future.

Intelligence briefing updated Jul 2, 2026

CVE-2026-14191 (CVSS 7.8)
Root source: www.cve.org