- CVE: CVE-2026-14191
- CVSS: 7.8 (High · CVSSv3)
- Product: RARLAB WinRAR
- Affected: < 7.23, ≤ 7.21
- Impact: WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader
- Status: No confirmed exploitation yet
- Patched in: 7.23
- EPSS: 0.3% (30-day)
- Action: Update to 7.23 now
TL;DR
RARLAB fixed a WinRAR vulnerability in version 7.23. The flaw, CVE-2026-14191, is an out-of-bounds heap write in the RAR5 recovery-volume (.rev) parser. It affects WinRAR, RAR, and UnRAR. No exploitation in the wild has been confirmed.
Why It Matters
WinRAR ships on hundreds of millions of PCs, so its flaws draw attacker interest fast. Other WinRAR bugs saw active abuse during 2025. Attackers favor archive tools because users open such files without much thought. Exploiting this WinRAR vulnerability requires user interaction, but the trigger is a routine action: the victim only has to repair or test a malicious archive set.
How the Attack Works
The bug lives in the RAR5 recovery-volume (.rev) parser. The code sizes an internal list from the count in the first .rev file only. Later .rev files carry their own count value, and that value is never checked against the size of the list already allocated. As a result, a crafted .rev set writes an attacker-controlled 32-bit value past the end of the buffer, corrupting nearby heap objects. Heap corruption of this kind can crash the tool or enable further attacks. The issue mirrors CVE-2023-40477, whose fix covered only the RAR3 code path.
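To make the defect class concrete, here is an added toy model in C of the recovery-volume list described above, placed beside a hardened version of the same check. It is constructed for this page and is not UnRAR's RecVolumes5 code: the RevHeader and RevSet structures, the field names, and the two-volume sample set are assumptions for illustration. The unchecked path compares the volume index only against the count in the current header, so a later .rev file can steer the write outside the list sized from the first one; the hardened path insists that every header agree with the original count and that the index fall inside the real allocation. The unchecked path returns the slot it would have written instead of writing it, so the bug is observable without corrupting memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>

/* Constructed toy model (not UnRAR's real structures): one recovery-volume
 * header and the per-volume list that the parser sizes from the first header. */
typedef struct {
    uint32_t rec_vol_count;   /* number of recovery volumes this header claims */
    uint32_t vol_index;       /* position of this volume within the set */
    uint32_t payload;         /* 32-bit value the parser stores per volume */
} RevHeader;

typedef struct {
    uint32_t *slots;          /* one entry per recovery volume */
    uint32_t  capacity;       /* fixed from the FIRST header only */
} RevSet;

/* Size the per-volume list from the first header, as the unpatched code does. */
RevSet *revset_open(const RevHeader *first) {
    if (first->rec_vol_count == 0) return NULL;
    RevSet *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->capacity = first->rec_vol_count;
    s->slots = calloc(s->capacity, sizeof *s->slots);
    if (!s->slots) { free(s); return NULL; }
    return s;
}

void revset_close(RevSet *s) {
    if (!s) return;
    free(s->slots);
    free(s);
}

/* Unpatched-style validation: the index is compared only against the count in
 * the CURRENT header, which a crafted later .rev file controls. Returns the slot
 * that would be written, or -1 if the header is rejected. Performs no write. */
int64_t rev_target_slot_unchecked(const RevSet *s, const RevHeader *h) {
    (void)s;                                   /* real capacity never consulted */
    if (h->vol_index >= h->rec_vol_count) return -1;
    return (int64_t)h->vol_index;
}

/* Hardened validation: every header must agree with the count that sized the
 * list, and the index must fall inside the allocation. */
int64_t rev_target_slot_checked(const RevSet *s, const RevHeader *h) {
    if (h->rec_vol_count != s->capacity) return -1;   /* later volume disagrees about set size */
    if (h->vol_index >= s->capacity) return -1;        /* bound by the real allocation */
    return (int64_t)h->vol_index;
}

/* Store the header's payload only after the hardened check passes.
 * Returns true on success, false when the header was rejected. */
bool revset_read_header(RevSet *s, const RevHeader *h) {
    int64_t slot = rev_target_slot_checked(s, h);
    if (slot < 0) return false;
    s->slots[slot] = h->payload;
    return true;
}

/* Walks a constructed two-volume set whose second header inflates the count.
 * Returns the slot the unchecked path would have written (40, well past the
 * two-entry list), or a negative code if the hardened path wrongly accepted it. */
int64_t demo_crafted_set(void) {
    RevHeader first   = { .rec_vol_count = 2,  .vol_index = 0,  .payload = 0x11111111u };
    RevHeader crafted = { .rec_vol_count = 64, .vol_index = 40, .payload = 0x41414141u };
    RevSet *set = revset_open(&first);
    if (!set) return -2;
    revset_read_header(set, &first);                               /* accepted: index 0 of 2 */
    int64_t unchecked = rev_target_slot_unchecked(set, &crafted);  /* 40: beyond capacity 2 */
    bool accepted = revset_read_header(set, &crafted);             /* hardened path rejects */
    revset_close(set);
    return accepted ? -3 : unchecked;
}
```

The design point is where the bound comes from: the allocation size is the only trustworthy limit once the list exists, so every later header must be validated against it rather than against a value the same untrusted file supplies.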
Affected Versions
The flaw affects WinRAR, RAR, and UnRAR before 7.23. UnRAR.dll skips recovery-volume processing, so it is not affected. The 7.23 release also hardens symbolic-link handling during extraction and updates the bundled 7-Zip library to pick up upstream fixes.
Patch and Mitigation
Update to WinRAR 7.23 right away. The fixes are listed in the official release notes, and the latest build is available from the vendor download page. Until you patch, avoid running repair or test on untrusted .rev sets, and treat archives from unknown senders with care. RARLAB credited Arjun Basnet of Securin Labs for the report.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.