CVE-2026-4111 - High Severity Vulnerability
Vulnerable Library - libarchivev3.8.5
Multi-format archive and compression library
Library home page: https://github.com/libarchive/libarchive.git
Found in base branches: stable/4.0, master
Vulnerable Source Files (1)
/contrib/libarchive/libarchive/archive_read_support_format_rar5.c
Vulnerability Details
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Publish Date: 2026-03-13
URL: CVE-2026-4111
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2026-03-13
Fix Resolution: https://github.com/libarchive/libarchive.git - v3.8.6
Step up your Open Source Security Game with Mend here
CVE-2026-4111 - High Severity Vulnerability
Multi-format archive and compression library
Library home page: https://github.com/libarchive/libarchive.git
Found in base branches: stable/4.0, master
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Publish Date: 2026-03-13
URL: CVE-2026-4111
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2026-03-13
Fix Resolution: https://github.com/libarchive/libarchive.git - v3.8.6
Step up your Open Source Security Game with Mend here