CVE-2026-4424

High CVSS: 7.5

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

Vendor

Product

CWE

CWE-125

Yayın Tarihi

2026-03-19 15:16:28

Güncelleme

2026-03-20 13:39:46

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-125 HIGH 2026

Referanslar

https://access.redhat.com/security/cve/CVE-2026-4424 https://bugzilla.redhat.com/show_bug.cgi?id=2449006 https://github.com/libarchive/libarchive/pull/2898