7-Zip < 26.01 NTFS Heap Buffer Overflow (GHSL-2026-140)

high Nessus Plugin ID 327608

Synopsis

The remote host has an application installed that is affected by a heap buffer overflow vulnerability.

Description

The version of 7-Zip installed on the remote Windows host is prior to 26.01. It is, therefore, affected by a vulnerability:

- A heap buffer overflow vulnerability exists in the NTFS archive handler. The CInStream::GetCuSize() function computes the compression-unit buffer size using a 32-bit shift that reaches undefined behavior when ClusterSizeLog >= 28 and CompressionUnit == 4, causing _inBuf to be allocated as 1 byte. ReadStream_FALSE then writes up to 256 MB of attacker-controlled data into this buffer, leading to a vtable hijack and potential arbitrary code execution. (CVE-2026-48095)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to 7-Zip version 26.01 or later.

See Also

https://securitylab.github.com/advisories/GHSL-2026-140_7-Zip/

https://sourceforge.net/p/sevenzip/discussion/45797/thread/555e132ba4

Plugin Details

Severity: High

ID: 327608

File Name: 7zip_26_01_CVE-2026-48095.nasl

Version: 1.1

Type: Local

Agent: windows

Family: Windows

Published: 7/17/2026

Updated: 7/17/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.9

Percentile: 99.36

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-48095

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:7-zip:7-zip

Required KB Items: installed_sw/7-Zip

Patch Publication Date: 4/27/2026

Vulnerability Publication Date: 5/22/2026

Reference Information

CVE: CVE-2026-48095