Memory Exhaustion Vulnerability in py7zr Library by miurahr
CVE-2026-55195

8.7HIGH

Key Information:

Vendor

Miurahr

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-55195?

The py7zr library, utilized for handling 7zip archives in Python, contains a significant flaw in its Worker.decompress() method. This vulnerability allows an attacker to craft a .7z file that, upon extraction, can expand drastically in size—leading to potential denial-of-service conditions by exhausting system memory or disk space. With the ability to create a 15.6 KB file that can inflate to 100 MB or more, the risk is particularly acute for systems without stringent resource monitoring. This issue was resolved in the library's version 1.1.3, emphasizing the importance of updating to mitigate these risks.

Affected Version(s)

py7zr < 1.1.3

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.