CVE-2026-4424
Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
CVSS Score
7.5
EPSS Score
0.1%
EPSS Percentile
27th
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
| CWE | CWE-125 |
| Vendor | red hat |
| Product | red hat enterprise linux 10 |
| Published | Mar 19, 2026 |
| Last Updated | Jun 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat enterprise linux 10
Be the first to know when new high vulnerabilities affecting red hat red hat enterprise linux 10 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.15
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.18
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.19
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / Red Hat AI Inference Server 3.2
All versions affected Red Hat / Red Hat AI Inference Server 3.2
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat Discovery 2
All versions affected Red Hat / Red Hat Discovery 2
All versions affected Red Hat / Red Hat Hardened Images
All versions affected Red Hat / Red Hat Insights proxy 1.5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Update Infrastructure 5
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10065 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10097 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11768 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12071 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12274 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:13812 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14773 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14937 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:15087 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16008 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16009 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16030 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16174 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17596 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19724 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19725 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:20040 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21690 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8492 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8510 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8517 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8521 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8534 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8864 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8865 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8866 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8867 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8873 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8908 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8944 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9026 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9592 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9832 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-4424 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2449006 github.com: https://github.com/libarchive/libarchive/pull/2898
Credits
Red Hat would like to thank Elhanan Haenel for reporting this issue.