vulnerability context

CVE-2026-14191

CVSS 7.8 HIGH · EPSS 20% · CWE-129

An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5::ReadHeader in recvol5.cpp). The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated against that file's own TotalCount field but never against the actual size of RecItems. A crafted set of two or more .rev files can therefore write an attacker-controlled 32-bit value (the header's RevCRC field) to RecItems[RecNum] at an attacker-controlled offset up to 65534 * sizeof(RecVolItem) bytes ...

Published 2026-07-01 · last modified 2026-07-02

details

CISA KEV status: Not in catalog
CVSS v3: 7.8 / HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 20% percentile (score 0.0029)
CWE: CWE-129

source mentions 2

source consensus

  • Bluesky