CVE-2026-48103: CWE-125: Out-of-bounds Read in mcmilk 7-Zip
CVE-2026-48103 is an out-of-bounds read vulnerability in 7-Zip versions 9. 34 through 26. 00 affecting the WIM archive handler's security descriptor lookup. The flaw occurs due to an off-by-one error in bounds checking, allowing a read past the allocated heap buffer. This vulnerability can be triggered without user interaction when listing certain archive files. The impact is limited to denial of service and minor information disclosure, with no ability to write or execute arbitrary code. No official patch or remediation guidance is currently available.
AI Analysis
Technical Summary
7-Zip versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM archive handler's security descriptor lookup function (CHandler::GetSecurity). The vulnerability arises because the check on securityId allows it to equal numEntries, leading to a read one UInt32 past the end of the SecurOffsets array. The securityId is attacker-controlled within WIM metadata directory entries. This vulnerability affects file types .wim, .swm, .esd, and .ppkg and can be triggered during archive listing in both GUI and CLI. The out-of-bounds read results in denial of service under hardened allocators and minor information disclosure, but no write or code execution is possible.
Potential Impact
The vulnerability allows an attacker to cause a denial of service by triggering an out-of-bounds read in the 7-Zip WIM archive handler. Minor information disclosure is possible due to the out-of-bounds value being used arithmetically as a length, but this value is not directly exposed to the attacker. There is no ability to write to memory or execute arbitrary code. The attack can be triggered without user interaction when listing archive contents.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when opening or listing WIM, SWM, ESD, and PPKG archive files from untrusted sources. No specific vendor mitigation or workaround has been provided at this time.
CVE-2026-48103: CWE-125: Out-of-bounds Read in mcmilk 7-Zip
Description
CVE-2026-48103 is an out-of-bounds read vulnerability in 7-Zip versions 9. 34 through 26. 00 affecting the WIM archive handler's security descriptor lookup. The flaw occurs due to an off-by-one error in bounds checking, allowing a read past the allocated heap buffer. This vulnerability can be triggered without user interaction when listing certain archive files. The impact is limited to denial of service and minor information disclosure, with no ability to write or execute arbitrary code. No official patch or remediation guidance is currently available.
CVSS v3.1
Score 4.3medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
7-Zip versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM archive handler's security descriptor lookup function (CHandler::GetSecurity). The vulnerability arises because the check on securityId allows it to equal numEntries, leading to a read one UInt32 past the end of the SecurOffsets array. The securityId is attacker-controlled within WIM metadata directory entries. This vulnerability affects file types .wim, .swm, .esd, and .ppkg and can be triggered during archive listing in both GUI and CLI. The out-of-bounds read results in denial of service under hardened allocators and minor information disclosure, but no write or code execution is possible.
Potential Impact
The vulnerability allows an attacker to cause a denial of service by triggering an out-of-bounds read in the 7-Zip WIM archive handler. Minor information disclosure is possible due to the out-of-bounds value being used arithmetically as a length, but this value is not directly exposed to the attacker. There is no ability to write to memory or execute arbitrary code. The attack can be triggered without user interaction when listing archive contents.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when opening or listing WIM, SWM, ESD, and PPKG archive files from untrusted sources. No specific vendor mitigation or workaround has been provided at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-20T18:40:45.835Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a22fdf3e29bf47b50937323
Added to database: 6/5/2026, 4:48:51 PM
Last enriched: 6/5/2026, 5:04:10 PM
Last updated: 6/5/2026, 6:10:41 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.