๐Ÿ” CVE Alert

CVE-2026-55206

UNKNOWN 0.0

py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
24th

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo._read() in archiveinfo.py used an O(n^2) cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted .7z archive to cause excessive CPU consumption during SevenZipFile.init() before extraction. This issue is fixed in version 1.1.3.

CWE CWE-407
Vendor miurahr
Product py7zr
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for miurahr py7zr

Be the first to know when new unknown vulnerabilities affecting miurahr py7zr are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

miurahr / py7zr
< 1.1.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/miurahr/py7zr/security/advisories/GHSA-h4gh-22qq-72r7 github.com: https://github.com/miurahr/py7zr/commit/d7aa3a197d15c75a65b24f796d3a69f83806d3f8 github.com: https://github.com/miurahr/py7zr/releases/tag/v1.1.3