Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-48102

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse (CPP/7zip/Archive/Udf/UdfIn.cpp), after validating size < 38 + idLen + impLen and advancing processed to 38 + impLen + idLen, the alignment-padding loop reads p[processed] while incrementing up to 3 times to reach a 4-byte boundary, and the processed <= size bounds check only runs after the loop. When (38 + impLen + idLen) % 4 != 0 and 38 + impLen + idLen == size, the loop reads 1 to 3 bytes past the end of the exact-size heap buffer allocated via buf.Alloc((size_t)item.Size). The UDF handler is registered for .iso and .udf files and auto-detected by signature, and the OOB read triggers during Open() when listing or extracting a crafted UDF image. Impact is limited to information disclosure (a 1-bit oracle per OOB byte via open/fail behavior) and denial of service (crash under hardened allocators); there is no write primitive. Version 26.01 fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.2%
CVSS Severity
CVSS v3 Score 3.1
Products affected by CVE-2026-48102
  • 7-Zip » 7-Zip » Version: 15.05
    cpe:2.3:a:7-zip:7-zip:15.05
  • 7-Zip » 7-Zip » Version: 15.06
    cpe:2.3:a:7-zip:7-zip:15.06
  • 7-Zip » 7-Zip » Version: 15.07
    cpe:2.3:a:7-zip:7-zip:15.07
  • 7-Zip » 7-Zip » Version: 15.08
    cpe:2.3:a:7-zip:7-zip:15.08
  • 7-Zip » 7-Zip » Version: 15.09
    cpe:2.3:a:7-zip:7-zip:15.09
  • 7-Zip » 7-Zip » Version: 15.10
    cpe:2.3:a:7-zip:7-zip:15.10
  • 7-Zip » 7-Zip » Version: 15.11
    cpe:2.3:a:7-zip:7-zip:15.11
  • 7-Zip » 7-Zip » Version: 15.12
    cpe:2.3:a:7-zip:7-zip:15.12
  • 7-Zip » 7-Zip » Version: 15.13
    cpe:2.3:a:7-zip:7-zip:15.13
  • 7-Zip » 7-Zip » Version: 15.14
    cpe:2.3:a:7-zip:7-zip:15.14
  • 7-Zip » 7-Zip » Version: 16.00
    cpe:2.3:a:7-zip:7-zip:16.00
  • 7-Zip » 7-Zip » Version: 16.01
    cpe:2.3:a:7-zip:7-zip:16.01
  • 7-Zip » 7-Zip » Version: 16.02
    cpe:2.3:a:7-zip:7-zip:16.02
  • 7-Zip » 7-Zip » Version: 16.03
    cpe:2.3:a:7-zip:7-zip:16.03
  • 7-Zip » 7-Zip » Version: 16.04
    cpe:2.3:a:7-zip:7-zip:16.04
  • 7-Zip » 7-Zip » Version: 17.00
    cpe:2.3:a:7-zip:7-zip:17.00
  • 7-Zip » 7-Zip » Version: 17.01
    cpe:2.3:a:7-zip:7-zip:17.01
  • 7-Zip » 7-Zip » Version: 18.00
    cpe:2.3:a:7-zip:7-zip:18.00
  • 7-Zip » 7-Zip » Version: 18.01
    cpe:2.3:a:7-zip:7-zip:18.01
  • 7-Zip » 7-Zip » Version: 18.03
    cpe:2.3:a:7-zip:7-zip:18.03
  • 7-Zip » 7-Zip » Version: 18.05
    cpe:2.3:a:7-zip:7-zip:18.05
  • 7-Zip » 7-Zip » Version: 18.06
    cpe:2.3:a:7-zip:7-zip:18.06
  • 7-Zip » 7-Zip » Version: 19.00
    cpe:2.3:a:7-zip:7-zip:19.00
  • 7-Zip » 7-Zip » Version: 19.02
    cpe:2.3:a:7-zip:7-zip:19.02
  • 7-Zip » 7-Zip » Version: 20.00
    cpe:2.3:a:7-zip:7-zip:20.00
  • 7-Zip » 7-Zip » Version: 20.02
    cpe:2.3:a:7-zip:7-zip:20.02
  • 7-Zip » 7-Zip » Version: 21.00
    cpe:2.3:a:7-zip:7-zip:21.00
  • 7-Zip » 7-Zip » Version: 21.02
    cpe:2.3:a:7-zip:7-zip:21.02
  • 7-Zip » 7-Zip » Version: 21.03
    cpe:2.3:a:7-zip:7-zip:21.03
  • 7-Zip » 7-Zip » Version: 21.04
    cpe:2.3:a:7-zip:7-zip:21.04
  • 7-Zip » 7-Zip » Version: 21.06
    cpe:2.3:a:7-zip:7-zip:21.06
  • 7-Zip » 7-Zip » Version: 21.07
    cpe:2.3:a:7-zip:7-zip:21.07
  • 7-Zip » 7-Zip » Version: 22.01
    cpe:2.3:a:7-zip:7-zip:22.01
  • 7-Zip » 7-Zip » Version: 23.01
    cpe:2.3:a:7-zip:7-zip:23.01
  • 7-Zip » 7-Zip » Version: 24.05
    cpe:2.3:a:7-zip:7-zip:24.05
  • 7-Zip » 7-Zip » Version: 24.06
    cpe:2.3:a:7-zip:7-zip:24.06
  • 7-Zip » 7-Zip » Version: 24.07
    cpe:2.3:a:7-zip:7-zip:24.07
  • 7-Zip » 7-Zip » Version: 24.08
    cpe:2.3:a:7-zip:7-zip:24.08
  • 7-Zip » 7-Zip » Version: 24.09
    cpe:2.3:a:7-zip:7-zip:24.09
  • 7-Zip » 7-Zip » Version: 25.00
    cpe:2.3:a:7-zip:7-zip:25.00
  • 7-Zip » 7-Zip » Version: 25.01
    cpe:2.3:a:7-zip:7-zip:25.01
  • 7-Zip » 7-Zip » Version: 9.11
    cpe:2.3:a:7-zip:7-zip:9.11
  • 7-Zip » 7-Zip » Version: 9.12
    cpe:2.3:a:7-zip:7-zip:9.12
  • 7-Zip » 7-Zip » Version: 9.13
    cpe:2.3:a:7-zip:7-zip:9.13
  • 7-Zip » 7-Zip » Version: 9.14
    cpe:2.3:a:7-zip:7-zip:9.14
  • 7-Zip » 7-Zip » Version: 9.15
    cpe:2.3:a:7-zip:7-zip:9.15
  • 7-Zip » 7-Zip » Version: 9.16
    cpe:2.3:a:7-zip:7-zip:9.16
  • 7-Zip » 7-Zip » Version: 9.17
    cpe:2.3:a:7-zip:7-zip:9.17
  • 7-Zip » 7-Zip » Version: 9.18
    cpe:2.3:a:7-zip:7-zip:9.18
  • 7-Zip » 7-Zip » Version: 9.19
    cpe:2.3:a:7-zip:7-zip:9.19
  • 7-Zip » 7-Zip » Version: 9.20
    cpe:2.3:a:7-zip:7-zip:9.20
  • 7-Zip » 7-Zip » Version: 9.21
    cpe:2.3:a:7-zip:7-zip:9.21
  • 7-Zip » 7-Zip » Version: 9.22
    cpe:2.3:a:7-zip:7-zip:9.22
  • 7-Zip » 7-Zip » Version: 9.34
    cpe:2.3:a:7-zip:7-zip:9.34
  • 7-Zip » 7-Zip » Version: 9.35
    cpe:2.3:a:7-zip:7-zip:9.35
  • 7-Zip » 7-Zip » Version: 9.36
    cpe:2.3:a:7-zip:7-zip:9.36
  • 7-Zip » 7-Zip » Version: 9.38
    cpe:2.3:a:7-zip:7-zip:9.38


Products
Pricing
Contact Us

Shodan ® - All rights reserved