Description

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

INFO

Published Date :

2026-03-13T11:45:20.653Z

Last Modified :

2026-04-30T12:47:00.435Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-4111 vulnerability.

Vendors Products
Redhat
  • Ai Inference Server
  • Discovery
  • Enterprise Linux
  • Enterprise Linux Eus
  • Hummingbird
  • Insights Proxy
  • Openshift
  • Openshift Container Platform
  • Rhel E4s
  • Rhel Eus
  • Rhui
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-4111.

URL Resource
https://access.redhat.com/errata/RHSA-2026:10065 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:10081 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:10097 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5063 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:5080 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:6647 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:7093 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:7105 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:7106 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:7239 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:7329 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:7335 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8423 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8746 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8747 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8748 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8865 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8944 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:9832 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2026-4111 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2446453 cve-icon cve-icon
https://github.com/libarchive/libarchive/pull/2877 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-4111 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-4111 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact