Description

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

INFO

Published Date :

2026-03-13T11:45:20.653Z

Last Modified :

2026-03-13T13:36:18.676Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-4111 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-4111.

URL Resource
https://access.redhat.com/security/cve/CVE-2026-4111 cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2446453 cve-icon
https://github.com/libarchive/libarchive/pull/2877 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact