A critical heap buffer overflow vulnerability (CVE-2026-48095) in 7-Zip version 26.00 allows attackers to execute arbitrary code by exploiting a defect in the NTFS archive handler’s compression unit size calculation, causing a vtable hijack. This vulnerability affects both 32-bit and 64-bit builds, can be triggered by opening a crafted NTFS image with any file extension, and has a high severity score of 8.8; users are urged to update immediately to version 26.01 to mitigate the risk.
https://cybersecuritynews.com/7-zip-vulnerabilities-code-execution/

