WinRAR 7.23 Patches Critical Heap Overflow Vulnerability (CVE-2026-14191)
WinRAR has released version 7.23, addressing a critical heap overflow vulnerability (CVE-2026-14191) in its RAR5 recovery volume processing code. The flaw, discovered by security researcher Arjun Basnet of Securin Labs, could allow attackers to trigger out-of-bounds writes on the heap by crafting malicious RAR5 recovery volume (.rev) files. Exploitation may lead to application crashes or, under specific conditions, arbitrary code execution.
The vulnerability affects WinRAR, command-line RAR, and UnRAR components, though the UnRAR.dll library used in third-party integrations is not directly impacted, as it lacks recovery volume processing. Attackers would need to trick users or automated systems into processing a malicious .rev file alongside a target archive, a tactic relevant in environments where RAR tools are embedded in email servers, backup systems, or file-processing pipelines.
In addition to the heap overflow fix, WinRAR 7.23 strengthens symbolic link handling during extraction to prevent path-traversal attacks, even without the -ola option enabled. The update also includes security patches for the bundled 7z extraction library (7zxa.dll v26.02), addressing upstream vulnerabilities in 7-Zip archive processing.
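The symlink hardening described above is the kind of check a server-side pipeline can also apply itself before handing an archive to any extractor. The following is an added example and not WinRAR's or RARLAB's code: it simulates extraction over an archive listing and rejects entries that would escape the destination, including the two-step case where a symlink created by one entry lets a later entry write outside the root. The Entry model, the function names and the sample listing are assumptions made for illustration.

```python
"""Pre-extraction guard for archive entries: refuses absolute paths, '..'
traversal and symlinks that would let a later entry land outside the
extraction root. Added example, not RARLAB/WinRAR code. The Entry model
(name, is_symlink, link_target) is an assumed stand-in for a real listing."""
import posixpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


class Escape(Exception):
    """Raised when an entry would be written or linked outside the root."""


@dataclass(frozen=True)
class Entry:
    name: str                            # path as stored in the archive
    is_symlink: bool = False
    link_target: Optional[str] = None    # set only for symlink entries


_ABSOLUTE = re.compile(r"^(/|[A-Za-z]:)")   # POSIX root or Windows drive


def resolve(path: str, links: Dict[str, str], depth: int = 0) -> str:
    """Canonicalise `path` relative to the extraction root, following
    symlinks that earlier entries of the same archive would already have
    created. Raises Escape as soon as any step leaves the root."""
    if depth > 40:
        raise Escape("symlink chain too long (possible loop)")
    path = path.replace("\\", "/")
    if _ABSOLUTE.match(path):
        raise Escape(f"absolute path {path!r}")
    resolved: List[str] = []
    parts = path.split("/")
    for i, comp in enumerate(parts):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not resolved:
                raise Escape(f"{path!r} climbs above the extraction root")
            resolved.pop()
            continue
        resolved.append(comp)
        key = "/".join(resolved)
        if key in links:
            # A symlink from an earlier entry sits on this prefix. Rewrite the
            # path through its target (relative to the link's own directory),
            # keep the remaining components, and resolve the result again.
            rest = "/".join(parts[i + 1:])
            rebased = posixpath.join("/".join(resolved[:-1]), links[key])
            if rest:
                rebased = posixpath.join(rebased, rest)
            return resolve(rebased, links, depth + 1)
    return "/".join(resolved)


def check_entries(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Simulate extraction in archive order. Returns (name, verdict, detail)
    per entry, where detail is the resolved destination or the reason."""
    links: Dict[str, str] = {}
    report = []
    for e in entries:
        try:
            dest = resolve(e.name, links)
            if e.is_symlink:
                if e.link_target is None:
                    raise Escape("symlink entry without a target")
                # The target must itself stay inside the root when the link
                # is created, or a later entry could write through it.
                resolve(posixpath.join(posixpath.dirname(dest), e.link_target), links)
                links[dest] = e.link_target
            report.append((e.name, "ok", dest))
        except Escape as exc:
            report.append((e.name, "reject", str(exc)))
    return report


# Constructed listing (not a real archive) covering the cases that matter.
SAMPLE_ENTRIES = [
    Entry("docs/readme.txt"),
    Entry("../../../etc/cron.d/job"),                        # plain traversal
    Entry("C:\\Windows\\Temp\\x.exe"),                       # absolute path
    Entry("escape", is_symlink=True, link_target="../../outside"),
    Entry("abs", is_symlink=True, link_target="/etc"),
    Entry("alias", is_symlink=True, link_target="docs"),     # harmless link
    Entry("alias/notes.txt"),                                # lands in docs/
    Entry("up", is_symlink=True, link_target="docs/.."),     # points at root
    Entry("up/../x"),     # lexically "x", but through the link it is ../x
]

if __name__ == "__main__":
    for name, verdict, detail in check_entries(SAMPLE_ENTRIES):
        print(f"{verdict:6} {name!r:32} {detail}")
```

The last sample entry is the one a purely lexical check misses: `up/../x` normalises to `x`, but because `up` was created as a link to the root one entry earlier, the write actually lands one level above the destination. Following links in archive order, as the simulation does, is what catches it.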
Given the historical exploitation of WinRAR flaws in financially motivated attacks, organizations are advised to update to version 7.23 or later, particularly on systems handling untrusted archives. Systems embedding RAR or UnRAR in server-side workflows should verify updated binaries and monitor for suspicious recovery volumes.
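The two recommendations above (verify the updated binaries, watch for recovery volumes) as an added Python example, not code from the page, RARLAB or WinRAR. It assumes the fixed version is 7.23 for the command-line rar and unrar as well as for WinRAR, because the page quotes a single version for all components; it locates the binaries with shutil.which and parses their usage banner; the banners in SAMPLE_BANNERS and any file names used to exercise it are constructed.

```python
"""Two pipeline checks suggested by the advisory above: confirm the installed
RAR/UnRAR binary reports the fixed version, and flag recovery volumes (.rev)
that arrive next to archives. Added example, not RARLAB/WinRAR code. It assumes
the fixed version string is 7.23 for the command-line tools as well as WinRAR,
since the page quotes a single version; the banners below are constructed."""
import os
import re
import shutil
import subprocess
from typing import Dict, Iterable, List, Optional, Tuple

FIXED_VERSION = (7, 23)   # assumption: same number for rar/unrar as for WinRAR

# Matches "UNRAR 7.01 freeware ...", "RAR 7.23 ..." or "WinRAR 7.23 ...".
_BANNER_RE = re.compile(r"\b(?:UNRAR|RAR|WinRAR)\s+(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from a RAR-family banner, or None if not RAR."""
    m = _BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_patched(banner: str) -> Optional[bool]:
    """True if the banner version is >= FIXED_VERSION, None if unparseable."""
    v = parse_version(banner)
    return None if v is None else v >= FIXED_VERSION


def installed_banner(exe: str = "unrar") -> Optional[str]:
    """Run the binary with no arguments and return its usage banner."""
    path = shutil.which(exe)
    if path is None:
        return None
    try:
        proc = subprocess.run([path], capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return None
    return proc.stdout + proc.stderr


_PART_RE = re.compile(r"\.part\d+$", re.IGNORECASE)


def archive_base(filename: str) -> str:
    """'data.part02.rev' -> 'data'; 'data.rar' -> 'data' (case-folded)."""
    stem, _ = os.path.splitext(filename)
    return _PART_RE.sub("", stem).lower()


def classify_recovery_volumes(paths: Iterable[str]) -> List[Dict[str, object]]:
    """Flag every .rev file and note whether an archive with the same base
    name sits in the same directory, the pairing the attack depends on."""
    by_dir: Dict[str, List[str]] = {}
    for p in paths:
        d, name = os.path.split(p)
        by_dir.setdefault(d, []).append(name)
    findings = []
    for d, names in by_dir.items():
        rar_bases = {archive_base(n) for n in names if n.lower().endswith(".rar")}
        for n in names:
            if n.lower().endswith(".rev"):
                findings.append({
                    "directory": d,
                    "name": n,
                    "companion_archive": archive_base(n) in rar_bases,
                    # Extraction never needs a .rev; only volume repair does.
                    "action": "quarantine",
                })
    return findings


def scan_directory(root: str) -> List[Dict[str, object]]:
    """Walk `root` and classify every recovery volume found under it."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return classify_recovery_volumes(paths)


# Constructed banners (not captured from real binaries) for offline use.
SAMPLE_BANNERS = {
    "old": "UNRAR 7.01 freeware      Copyright (c) 1993-2024 Alexander Roshal\n\nUsage:",
    "fixed": "UNRAR 7.23 freeware      Copyright (c) 1993-2026 Alexander Roshal\n\nUsage:",
    "other": "bsdtar 3.7.2 - libarchive 3.7.2",
}

if __name__ == "__main__":
    banner = installed_banner("unrar") or installed_banner("rar")
    print("installed binary patched:", None if banner is None else is_patched(banner))
    for finding in scan_directory("."):
        print(finding)
```

Quarantining every .rev file is cheap for a pipeline that only extracts, because a recovery volume is only consulted when a damaged volume has to be rebuilt; it removes the precondition the page describes (a malicious .rev processed alongside its target archive) independently of whether the binary has been updated yet. The version check only sees binaries on PATH, so a copy of the UnRAR sources compiled into another product has to be tracked separately.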
Source: https://cybersecuritynews.com/winrar-7-23-fixes-heap-overflow-vulnerability/
WinRAR TPRM report: https://www.rankiteo.com/company/win.rar-gmbh
{
  "id": "win1782980631",
  "linkid": "win.rar-gmbh",
  "type": "Vulnerability",
  "date": "7/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{
  "affected_entities": [
    {"industry": "File Archiving/Compression", "name": "WinRAR", "type": "Software"}
  ],
  "attack_vector": "Malicious RAR5 recovery volume (.rev) files",
  "description": "WinRAR has released version 7.23, addressing a critical heap overflow vulnerability (CVE-2026-14191) in its RAR5 recovery volume processing code. The flaw, discovered by security researcher Arjun Basnet of Securin Labs, could allow attackers to trigger out-of-bounds writes on the heap by crafting malicious RAR5 recovery volume (.rev) files. Exploitation may lead to application crashes or, under specific conditions, arbitrary code execution.",
  "impact": {
    "operational_impact": "Application crashes, potential arbitrary code execution",
    "systems_affected": "WinRAR, command-line RAR, UnRAR components"
  },
  "post_incident_analysis": {
    "corrective_actions": "Patch released, strengthened symbolic link handling, updated 7z extraction library",
    "root_causes": "Heap overflow in RAR5 recovery volume processing code"
  },
  "recommendations": "Update to WinRAR 7.23 or later, particularly on systems handling untrusted archives. Verify updated binaries in server-side workflows embedding RAR/UnRAR.",
  "references": [{"source": "Securin Labs (Researcher: Arjun Basnet)"}],
  "response": {
    "containment_measures": "Patch released (WinRAR 7.23)",
    "enhanced_monitoring": "Monitor for suspicious recovery volumes",
    "remediation_measures": "Update to WinRAR 7.23 or later, verify updated binaries in embedded systems"
  },
  "title": "WinRAR 7.23 Patches Critical Heap Overflow Vulnerability (CVE-2026-14191)",
  "type": "Vulnerability",
  "vulnerability_exploited": "CVE-2026-14191 (Heap Overflow)"
}