๐Ÿ” CVE Alert

CVE-2026-55195

UNKNOWN 0.0

py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
24th

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress() extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expands to 100 MB to exhaust disk or memory before extraction completes. This issue is fixed in version 1.1.3.

CWE CWE-409
Vendor miurahr
Product py7zr
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for miurahr py7zr

Be the first to know when new unknown vulnerabilities affecting miurahr py7zr are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

miurahr / py7zr
< 1.1.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/miurahr/py7zr/security/advisories/GHSA-gjrg-mpp7-g774 github.com: https://github.com/miurahr/py7zr/commit/28faf107b64374fa5a02bfb93aa2024e281ca97b github.com: https://github.com/miurahr/py7zr/releases/tag/v1.1.3