{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/unrar/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-14191"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["WinRAR","UnRAR"],"_cs_severities":["high"],"_cs_tags":["cve","vulnerability","archive","client-side","windows"],"_cs_type":"advisory","_cs_vendors":["RARLAB"],"content_html":"\u003cp\u003eThis brief details CVE-2026-14191, an out-of-bounds heap write vulnerability affecting the widely used WinRAR and UnRAR archiving utilities. Identified and published by the Microsoft Security Response Center, this flaw exists within the \u003ccode\u003eRecVolumes5::ReadHeader\u003c/code\u003e function, which is responsible for processing RAR5 recovery volumes, specifically files with the \u003ccode\u003e.rev\u003c/code\u003e extension. An attacker could exploit this vulnerability by convincing a target user to open a malicious archive containing a specially crafted recovery volume. Successful exploitation typically leads to arbitrary code execution on the victim's system, granting the attacker control over the compromised machine. Given WinRAR's pervasive presence across various systems, this vulnerability represents a significant risk for individuals and organizations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious RAR5 archive containing a specially formed recovery volume (\u003ccode\u003e.rev\u003c/code\u003e) designed to trigger an out-of-bounds heap write.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes this malicious archive, often via phishing emails, malicious websites, or direct download links, to a target user.\u003c/li\u003e\n\u003cli\u003eThe unsuspecting user downloads and attempts to open or extract the contents of the malicious archive using a vulnerable version of WinRAR or UnRAR.\u003c/li\u003e\n\u003cli\u003eDuring the archive processing, specifically when the application attempts to read the recovery volume header, the vulnerability in the \u003ccode\u003eRecVolumes5::ReadHeader\u003c/code\u003e function is triggered.\u003c/li\u003e\n\u003cli\u003eThe out-of-bounds heap write corrupts memory, leading to a state that allows the attacker to execute arbitrary code on the user's system.\u003c/li\u003e\n\u003cli\u003eThe attacker's injected code then executes, potentially establishing persistence mechanisms, downloading additional malware (such as ransomware or info-stealers), or initiating data exfiltration from the compromised host.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploitation of CVE-2026-14191 would allow an attacker to execute arbitrary code on the victim's system with the privileges of the user running the WinRAR or UnRAR application. This could lead to a complete compromise of the affected system, resulting in data theft, encryption by ransomware, installation of backdoors for persistent access, or further lateral movement within an organization's network. Given the broad adoption of WinRAR in various sectors, this vulnerability poses a significant threat, as it can bypass traditional perimeter defenses by exploiting user interaction with a seemingly legitimate file type.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply security updates for WinRAR and UnRAR as they become available from RARLAB to patch CVE-2026-14191.\u003c/li\u003e\n\u003cli\u003eEducate users on the risks associated with opening unsolicited or suspicious archive files, particularly those received from unknown sources or unexpected senders.\u003c/li\u003e\n\u003cli\u003eImplement robust email and web filtering solutions to block known malicious attachments and prevent access to websites that may host exploit kits or distribute weaponized archives.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-09T07:49:19Z","date_published":"2026-07-09T07:49:19Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14191-winrar-unrar/","summary":"CVE-2026-14191 describes an out-of-bounds heap write vulnerability in WinRAR and UnRAR when processing RAR5 recovery volumes (.rev), allowing an unauthenticated attacker to achieve remote code execution on a victim's system by tricking a user into opening a specially crafted archive.","title":"CVE-2026-14191 WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14191-winrar-unrar/"}],"language":"en","title":"CraftedSignal Threat Feed - UnRAR","version":"https://jsonfeed.org/version/1.1"}