Performance Vulnerability in py7zr Library Affects 7zip Archive Handling
CVE-2026-55206

8.7HIGH

Key Information:

Vendor

Miurahr

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-55206?

The py7zr library, a Python utility for handling 7zip archives, contains a performance vulnerability due to inefficient handling of numstreams parameters in archive headers. This can lead to excessive CPU utilization when processing certain crafted .7z archives. Affected users are encouraged to upgrade to version 1.1.3 or later, where this issue has been resolved. For further details, please refer to the official advisory and release notes.

Affected Version(s)

py7zr < 1.1.3

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.