<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>RARLAB - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/rarlab/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 09 Jul 2026 07:49:19 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/rarlab/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-14191 WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14191-winrar-unrar/</link><pubDate>Thu, 09 Jul 2026 07:49:19 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14191-winrar-unrar/</guid><description>CVE-2026-14191 describes an out-of-bounds heap write vulnerability in WinRAR and UnRAR when processing RAR5 recovery volumes (.rev), allowing an unauthenticated attacker to achieve remote code execution on a victim's system by tricking a user into opening a specially crafted archive.</description><content:encoded><![CDATA[<p>This brief details CVE-2026-14191, an out-of-bounds heap write vulnerability affecting the widely used WinRAR and UnRAR archiving utilities. Identified and published by the Microsoft Security Response Center, this flaw exists within the <code>RecVolumes5::ReadHeader</code> function, which is responsible for processing RAR5 recovery volumes, specifically files with the <code>.rev</code> extension. An attacker could exploit this vulnerability by convincing a target user to open a malicious archive containing a specially crafted recovery volume. Successful exploitation typically leads to arbitrary code execution on the victim's system, granting the attacker control over the compromised machine. Given WinRAR's pervasive presence across various systems, this vulnerability represents a significant risk for individuals and organizations.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious RAR5 archive containing a specially formed recovery volume (<code>.rev</code>) designed to trigger an out-of-bounds heap write.</li>
<li>The attacker distributes this malicious archive, often via phishing emails, malicious websites, or direct download links, to a target user.</li>
<li>The unsuspecting user downloads and attempts to open or extract the contents of the malicious archive using a vulnerable version of WinRAR or UnRAR.</li>
<li>During the archive processing, specifically when the application attempts to read the recovery volume header, the vulnerability in the <code>RecVolumes5::ReadHeader</code> function is triggered.</li>
<li>The out-of-bounds heap write corrupts memory, leading to a state that allows the attacker to execute arbitrary code on the user's system.</li>
<li>The attacker's injected code then executes, potentially establishing persistence mechanisms, downloading additional malware (such as ransomware or info-stealers), or initiating data exfiltration from the compromised host.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>A successful exploitation of CVE-2026-14191 would allow an attacker to execute arbitrary code on the victim's system with the privileges of the user running the WinRAR or UnRAR application. This could lead to a complete compromise of the affected system, resulting in data theft, encryption by ransomware, installation of backdoors for persistent access, or further lateral movement within an organization's network. Given the broad adoption of WinRAR in various sectors, this vulnerability poses a significant threat, as it can bypass traditional perimeter defenses by exploiting user interaction with a seemingly legitimate file type.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately apply security updates for WinRAR and UnRAR as they become available from RARLAB to patch CVE-2026-14191.</li>
<li>Educate users on the risks associated with opening unsolicited or suspicious archive files, particularly those received from unknown sources or unexpected senders.</li>
<li>Implement robust email and web filtering solutions to block known malicious attachments and prevent access to websites that may host exploit kits or distribute weaponized archives.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>cve</category><category>vulnerability</category><category>archive</category><category>client-side</category><category>windows</category></item></channel></rss>