© 2024 TechGeer.com. All Rights Reserved.
WinRAR 7.23 Update Fixes Critical Heap Overflow and Path Traversal Vulnerabilities

Daniel Hayes
Last updated: July 4, 2026 12:13 am
  • The latest WinRAR update fixes a vulnerability that bad actors could use to crash the app or potentially take control of your system.
  • It also patches a symbolic link weakness that allows path traversal attacks when users extract files from archives.
  • WinRAR’s bundled 7-Zip library also received a security refresh. Anyone who handles files received by email or downloaded from the web, and anyone who runs automated server workflows, should update to 7.23 or any newer version.
RARLAB has released WinRAR 7.23. This security update fixes a newly disclosed heap overflow vulnerability. It also addresses another archive extraction weakness. That weakness could expose users to path traversal attacks.

The purpose of the update is to tighten security across WinRAR, the RAR command-line tool, and UnRAR.

It also updates the integrated 7-Zip unpacking engine, bringing in the latest upstream bug and security fixes.

Critical Heap Overflow in RAR5 Recovery Volumes

The most severe problem is tracked as CVE-2026-14191. It concerns how WinRAR handles RAR5 recovery volume files, which are used to repair corrupted or incomplete archives.

The National Vulnerability Database describes this vulnerability as an “out-of-bounds heap write” in the RAR5 recovery volume parser. A specially crafted set of recovery volume (.rev) files can cause data to be written outside the allocated memory area, corrupting nearby memory structures.

The root cause is that the software sizes the RecItems vector only when processing the first .rev file. Subsequent .rev files supply their own RecNum value, which is never checked against the actual size of RecItems. An attacker can therefore write data up to 65534 * sizeof(RecVolItem) bytes past the allocation.

Recovery volumes are optional files. People create them alongside multi-part RAR archives. They allow the rebuilding of damaged or missing archive parts. The vulnerability appears during recovery operations. It does not affect normal archive extraction.

RARLAB confirmed the bug affects WinRAR, RAR, and UnRAR. However, the standalone UnRAR.dll library is not affected. It does not process recovery volumes.

Arjun Basnet of Securin Labs is credited with discovering and reporting the vulnerability.
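The following is an added illustration of the pattern described above, not RARLAB's code: an item table sized from the first recovery volume, and a later volume's RecNum that must be bounds-checked before it is used as an index. The struct layouts, field names and error codes are hypothetical, and RecNum is assumed to be a 16-bit index.

```c
/* Added illustration (not RARLAB's code) of the bounds check the article
 * describes for RAR5 recovery volumes. Struct layouts, field names and
 * error codes are hypothetical; RecNum is taken to be a 16-bit index
 * into an item table that is sized once, from the first .rev header. */
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
typedef struct { uint16_t rec_num; uint16_t rec_total; uint32_t crc; } RevHeader;
typedef struct { uint32_t crc; int present; } RecVolItem;
typedef struct { RecVolItem *items; size_t count; } RecSet;
enum { REV_OK = 0, REV_ERR_BAD_INDEX = -1, REV_ERR_NOMEM = -2, REV_ERR_EMPTY = -3 };
/* Process one .rev header. The unpatched logic the article describes
 * trusted RecNum from later volumes, so an index of 65535 against a
 * one-item table writes 65534 * sizeof(RecVolItem) bytes past its end. */
int rev_process(RecSet *set, const RevHeader *h) {
    if (set->items == NULL) {              /* first volume sizes the table */
        if (h->rec_total == 0) return REV_ERR_EMPTY;
        set->items = calloc(h->rec_total, sizeof(RecVolItem));
        if (set->items == NULL) return REV_ERR_NOMEM;
        set->count = h->rec_total;
    }
    if (h->rec_num >= set->count) return REV_ERR_BAD_INDEX; /* the missing check */
    set->items[h->rec_num].crc = h->crc;
    set->items[h->rec_num].present = 1;
    return REV_OK;
}
void rev_free(RecSet *set) { free(set->items); set->items = NULL; set->count = 0; }
/* Run a whole volume set through the parser; returns the first error. */
int rev_load_set(const RevHeader *hdrs, size_t n) {
    RecSet set = { NULL, 0 };
    int rc = REV_OK;
    for (size_t i = 0; i < n && rc == REV_OK; i++) rc = rev_process(&set, &hdrs[i]);
    rev_free(&set);
    return rc;
}
/* Constructed sample sets: one consistent, one whose second volume
 * advertises an out-of-range RecNum and is rejected instead of written. */
int demo_consistent(void) {
    const RevHeader good[] = { {0, 3, 11}, {1, 3, 22}, {2, 3, 33} };
    return rev_load_set(good, 3);
}
int demo_inconsistent(void) {
    const RevHeader bad[] = { {0, 3, 11}, {65534, 3, 22} };
    return rev_load_set(bad, 2);
}
int main(void) {
    printf("consistent: %d  inconsistent: %d\n", demo_consistent(), demo_inconsistent());
    return 0;
}
```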

Exploitation Requires User Interaction

Unlike some software flaws, this one cannot be exploited remotely without user action. CVE-2026-14191 requires someone to process a malicious recovery volume.

According to the NVD, attackers could trick victims into testing or repairing a crafted recovery volume set. This could happen through WinRAR’s “Repair archive” feature. It could also occur through the UnRAR command-line testing function. Automatic recovery can also trigger it when a volume in a multi-part archive is missing.

Successful exploitation can crash the application through memory corruption. Security experts note that memory corruption vulnerabilities can also act as a springboard for further attacks, including remote code execution. For now, there is no public evidence that attackers have exploited this flaw.

NVD assigned it a CVSS v3.1 score. The rating reflects serious potential damage to confidentiality, integrity, and availability, while noting that exploitation still requires user interaction.

Update Blocks Symbolic Link Attacks

WinRAR 7.23 fixes a second security issue. This one involves symbolic links. Before this update, a specially crafted RAR archive could create a symbolic link. That link could point outside the chosen extraction folder. This happened even when users had not enabled the -ola option.

RARLAB says the new release adds extra validation during extraction. These checks stop extracted files from landing outside the intended folder, and the protection holds even across multiple extraction operations. This reduces the risk of path traversal attacks for WinRAR, RAR, UnRAR, and applications built around those tools.

The company credited researcher scofaild23-bnomran for reporting this issue.
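As an added example (not WinRAR's own validation), here is a lexical containment check an extractor can run on a symbolic link entry before creating it: the link lives at the archive path link_path under the extraction root and points at target, and the function reports whether following it could leave the root. The helper name and behaviour are assumptions; a lexical check must be paired with refusing to write through symlinks already on disk (for example via lstat or O_NOFOLLOW), which is what makes protection hold across several extraction runs.

```c
/* Added illustration (not WinRAR's own validation) of a lexical check on a
 * symbolic link entry. link_path is the link's archive path relative to
 * the extraction root; target is what it points at. Returns 1 if following
 * the target could leave the root, 0 otherwise. Hypothetical helper. */
#include <string.h>
#include <stdio.h>
static int is_sep(char c) { return c == '/' || c == '\\'; }
/* Number of directory components above the link's own name. */
static int dir_depth(const char *path) {
    int depth = 0;
    for (const char *p = path; *p; p++)
        if (is_sep(*p) && p[1] != '\0' && !is_sep(p[1])) depth++;
    return depth;
}
int symlink_escapes(const char *link_path, const char *target) {
    /* Absolute POSIX paths and Windows drive paths leave the root outright. */
    if (is_sep(target[0])) return 1;
    if (strlen(target) >= 2 && target[1] == ':') return 1;
    int depth = dir_depth(link_path);
    const char *p = target;
    while (*p) {
        const char *start = p;
        while (*p && !is_sep(*p)) p++;
        size_t len = (size_t)(p - start);
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (--depth < 0) return 1;   /* climbed above the extraction root */
        } else if (len > 0 && !(len == 1 && start[0] == '.')) {
            depth++;                     /* ordinary component: one level down */
        }
        while (is_sep(*p)) p++;          /* skip separators, including repeats */
    }
    return 0;
}
int main(void) {
    /* Constructed sample entries: the first two escape, the last two do not. */
    printf("%d %d %d %d\n", symlink_escapes("sub/link", "../../etc/passwd"),
           symlink_escapes("link", "a/../.."), symlink_escapes("sub/link", "../sibling.txt"),
           symlink_escapes("a/b/link", "..\\..\\c"));
    return 0;
}
```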

7-Zip Library Also Receives Security Update

Beyond fixing its own vulnerabilities, WinRAR 7.23 updates the bundled 7zxa.dll extraction library to version 26.02.

The newer library includes bug fixes and security updates from the 7-Zip project. This improves protection when handling 7z archives alongside RAR files.

Why Organizations Should Pay Attention

Archive utilities remain attractive targets because they are so widely used. People use them to send files over email, and they are often wired into cloud drives, backups, and similar services. In enterprises, a large share of file-handling workflows likely passes through these tools.

Many security products also use RAR/UnRAR components behind the scenes, as do document gateways and automated file-processing systems. The popularity of such tools makes them prime targets for malicious actors. Microsoft recently removed 119 malicious extensions from its Edge Add-ons Store.

In these environments, archive processing often happens automatically, which makes keeping embedded tools fully patched all the more important.

The newly fixed recovery volume flaw is particularly relevant for organizations. They might automatically test, repair, or validate uploaded archives. This matters even if end users never open them manually.

Update is Not Automatic

Users should note that WinRAR does not install updates automatically. They must manually download and install version 7.23 from RARLAB or the official WinRAR distribution site.

Security experts recommend upgrading immediately, especially on systems that handle archives received through email, downloads, or shared storage. Organizations should also update bundled versions of RAR and UnRAR, and server-side applications should move to 7.23 or a later version.

At the time of writing, there are no reports of attackers actively exploiting CVE-2026-14191. But attackers have a track record of targeting archive software flaws once technical details become public, and installing the latest version remains the simplest way to reduce that risk.
