CVE-2026-48101
Uninitialized Memory Disclosure in 7-Zip UEFI Parser
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 7-zip | 7-zip | From 9.21 (inc) to 26.00 (inc) |
| 7-zip | 7-zip | 26.0.1 |
| 7-zip | 7-zip | From 9.18 (inc) to 26.00 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-908 | The product uses or accesses a resource that has not been initialized. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in 7-Zip versions 9.21 through 26.00 in the UEFI capsule (.scap) parser. Specifically, the OpenCapsule function allocates a heap buffer based on an attacker-declared size without zero-initializing it. When reading the file contents, if the file is truncated, the unread portion of the buffer contains uninitialized heap memory. This uninitialized memory is then exposed as part of the extracted file content, potentially leaking sensitive data.
The issue arises because the function discards the return value of the read operation, which could indicate a short read, leading to exposure of leftover heap memory. This vulnerability was fixed in version 26.0.1.
How can this vulnerability impact me? :
This vulnerability can lead to the exposure of uninitialized heap memory when extracting UEFI capsule files using vulnerable versions of 7-Zip. Because the exposed memory may contain sensitive information such as passwords, file paths, or other confidential data, an attacker could potentially access this information by crafting malicious archive files.
The GUI version of 7-Zip is particularly vulnerable due to its long-running nature, increasing the risk of leaking sensitive data over time.
The CVSS score of 6.5 indicates a medium severity with network attack vector, low attack complexity, no privileges required, but user interaction needed, and high confidentiality impact.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves uninitialized memory disclosure in the UEFI capsule parser of 7-Zip versions 9.21 through 26.00. Detection involves identifying if vulnerable versions of 7-Zip are present on your system.
You can check the installed 7-Zip version using the following command on Windows systems:
- 7z.exe --help or 7z.exe
Alternatively, check the version via the file properties of 7z.exe or by running:
- wmic datafile where name="C:\\Program Files\\7-Zip\\7z.exe" get Version
If the version is between 9.21 and 26.00 inclusive, the system is vulnerable.
Since this vulnerability is related to file extraction, monitoring for suspicious or malformed .scap (UEFI capsule) files being processed by 7-Zip could help detect exploitation attempts.
No specific network detection commands or signatures are provided in the resources.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade 7-Zip to version 26.0.1 or later, where this vulnerability has been fixed.
Avoid extracting untrusted or suspicious UEFI capsule (.scap) files using vulnerable versions of 7-Zip.
If upgrading immediately is not possible, consider restricting access to 7-Zip or disabling its use for processing .scap files to reduce exposure.