Vendor
CVE-2026-14191 describes an out-of-bounds heap write vulnerability in WinRAR and UnRAR when processing RAR5 recovery volumes (.rev), allowing an unauthenticated attacker to achieve remote code execution on a victim's system by tricking a user into opening a specially crafted archive.