Out-of-Bounds Heap Write in WinRAR Product by RARLab
CVE-2026-14191
7.8 HIGH
What is CVE-2026-14191?
A vulnerability in the RAR5 recovery-volume parser used by WinRAR and UnRAR can lead to heap corruption when crafted .rev files are processed. The flaw stems from incorrect validation of input, which allows internal data structures to be manipulated, and it poses a risk when a user performs a recovery operation on a specially designed set of .rev files. Successful exploitation could allow an attacker to overwrite memory at arbitrary locations within the heap, with serious security implications. The vulnerability was fixed in version 7.23.
Affected Version(s)
RAR (Windows): versions before 7.23
UnRAR (Windows): versions up to and including 7.21
UnRAR.dll (Windows): versions before 7.23
