
7-Zip CVE-2026-48101

EUVD-2026-34849 | MEDIUM
Use of Uninitialized Resource (CWE-908)
2026-06-05 · GitHub_M
6.5 (CVSS 3.1) · Vendor: GitHub_M

Severity by source

Vendor (GitHub_M), primary: 6.5 MEDIUM, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
SUSE: 5.5 MEDIUM, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Primary rating from Vendor (GitHub_M). SUSE's lower score differs from the vendor's only in Attack Vector (Local rather than Network); the remaining metrics are identical.

CVSS Vector (Vendor: GitHub_M)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Patch available: Jun 05, 2026 - 17:01 (EUVD)
Analysis generated: Jun 05, 2026 - 16:17 (vuln.today)

Description (CVE.org)

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize (up to 1 GiB) without zero-initialization, then reads the file contents into it with ReadStream_FALSE, whose return value is silently discarded. If the file is truncated, the unread tail of the buffer retains uninitialized heap memory, which is then exposed as extracted file content via GetStream. Version 26.0.1 fixes the issue.

Analysis (AI)

Uninitialized heap memory disclosure in 7-Zip's UEFI capsule (.scap) parser exposes potentially sensitive heap contents when an unauthenticated remote attacker delivers a crafted capsule file that a user opens. The OpenCapsule function allocates a heap buffer sized by the attacker-controlled CapsuleImageSize field without zero-initialization, then silently ignores read failures on truncated files, causing the unread tail - containing raw heap data - to be surfaced as extracted file content. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Recon: Craft truncated .scap with oversized CapsuleImageSize
Delivery: Deliver via phishing or download
Exploit: Victim opens file in 7-Zip
Install: OpenCapsule allocates uninitialized heap buffer
C2: ReadStream_FALSE partial read silently discarded
Execute: Uninitialized heap memory exposed via GetStream as extracted content
Impact: Attacker recovers sensitive heap data

Vulnerability Assessment (AI)

Exploitation: The victim must open a specially crafted UEFI capsule (.scap) file using an affected version of 7-Zip (9.21 through 26.00); this satisfies the UI:R (user interaction required) condition in the CVSS vector. …

Risk Assessment: The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N yields a 6.5 (Medium), reflecting high confidentiality impact but constrained by the UI:R (user interaction required) element: the victim must manually open the crafted file. …

Exploit Scenario: An attacker crafts a malicious .scap file with a CapsuleImageSize header value set to a large number (e.g., 500 MiB) while providing only a small amount of actual file data, creating a deliberately truncated capsule. The file is delivered to a target via phishing email, a download link, or a shared network drive, and the victim opens it with 7-Zip. …

Remediation: Upgrade 7-Zip to version 26.0.1 or later, which resolves the uninitialized heap disclosure by ensuring the buffer is zero-initialized before use and/or properly handling partial reads from ReadStream_FALSE. …
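The allocate-then-read pattern described above, as an added example that is not 7-Zip's code: every name here (alloc_no_zero, read_stream_false, open_capsule_vulnerable, open_capsule_fixed, the Stream struct) is a hypothetical stand-in modelled on the description, with a constructed in-memory heap and a constructed capsule whose header claims 64 bytes while the file carries 16. It places the unchecked-read shape beside the hardened one that applies both fixes the remediation names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define MAX_CAPSULE_IMAGE (1024u * 1024u * 1024u) /* 1 GiB ceiling from the description */

/* Constructed heap stand-in, pre-filled with 0xAA to model stale data left by an
 * earlier allocation, so the leak is observable and deterministic. */
static uint8_t arena[256];
static uint8_t *alloc_no_zero(size_t n) {
    memset(arena, 0xAA, sizeof arena);
    return n <= sizeof arena ? arena : NULL;
}
/* In-memory "file" that may be shorter than its header claims. */
typedef struct { const uint8_t *data; size_t len; size_t pos; } Stream;
/* Copies what is available, reports false on a short read; discarding that
 * result is the defect the description names. */
static bool read_stream_false(Stream *s, uint8_t *dst, size_t want) {
    size_t avail = s->len - s->pos, n = want < avail ? want : avail;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return n == want;
}
/* Vulnerable shape: unzeroed buffer, short read ignored, buffer still returned. */
static uint8_t *open_capsule_vulnerable(Stream *s, uint32_t image_size) {
    if (image_size > MAX_CAPSULE_IMAGE) return NULL;
    uint8_t *buf = alloc_no_zero(image_size);
    if (buf) read_stream_false(s, buf, image_size); /* tail keeps stale bytes */
    return buf;
}
/* Hardened shape: zero first, then refuse the file if the read comes up short. */
static uint8_t *open_capsule_fixed(Stream *s, uint32_t image_size) {
    if (image_size > MAX_CAPSULE_IMAGE) return NULL;
    uint8_t *buf = alloc_no_zero(image_size);
    if (!buf) return NULL;
    memset(buf, 0, image_size);
    return read_stream_false(s, buf, image_size) ? buf : NULL;
}

/* Constructed capsule: header claims 64 bytes, the file carries only 16. */
static const uint8_t body[16] = "CAPSULE-BODY-16";
static size_t stale_bytes_exposed(void) { /* vulnerable path hands back 48 stale bytes */
    Stream s = { body, sizeof body, 0 };
    uint8_t *out = open_capsule_vulnerable(&s, 64); size_t stale = 0;
    for (size_t i = 0; out && i < 64; i++) stale += (out[i] == 0xAA);
    return stale;
}
static bool fixed_rejects_truncated(void) {
    Stream s = { body, sizeof body, 0 };
    return open_capsule_fixed(&s, 64) == NULL;
}
```

A real allocator returns whatever the previous owner left behind rather than a fixed marker byte, which is exactly why the leaked tail is unpredictable and why rejecting the short read, not just zeroing, is the complete fix.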


Vendor Status

SUSE

Severity: Moderate
Product status:
SUSE Linux Enterprise Desktop 15 SP7: Affected
SUSE Linux Enterprise High Performance Computing 15 SP7: Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7: Affected
SUSE Linux Enterprise Server 15 SP7: Affected
SUSE Linux Enterprise Server 16.0: Affected


CVE-2026-48101 vulnerability details – vuln.today
