7-Zip <= 26.02 Mark-of-the-Web Bypass (CVE-2026-58052)

medium Nessus Plugin ID 324932

Synopsis

An application installed on the remote host is affected by a vulnerability.

Description

The version of 7-Zip installed on the remote Windows host is 26.02 or earlier. It is, therefore, affected by a vulnerability:

- 7-Zip for Windows fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched and NTFS canonicalizes it to the same stream, overwriting the propagated Internet-zone marker with ZoneId=0. A second STM record named '::$DATA' overwrites the extracted file's default data stream, letting an attacker defeat SmartScreen/MotW warnings and spoof file content. (CVE-2026-58052)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

See vendor advisory for remediation guidance.

See Also

https://github.com/advisories/GHSA-fx33-p83c-vpr5

http://www.nessus.org/u?793d2331

Plugin Details

Severity: Medium

ID: 324932

File Name: 7zip_CVE-2026-58052.nasl

Version: 1.2

Type: Local

Agent: windows

Family: Windows

Published: 7/3/2026

Updated: 7/6/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.2

Percentile: 0.01

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2026-58052

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 3

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 4.8

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:7-zip:7-zip

Required KB Items: installed_sw/7-Zip

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/28/2026

Reference Information

CVE: CVE-2026-58052