Description

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

INFO

Published Date :

2026-03-19T13:50:27.294Z

Last Modified :

2026-05-05T20:29:02.273Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-4424 vulnerability.

Vendors Products
Libarchive
  • Libarchive
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux Server Aus
  • Hardened Images
  • Hummingbird
  • Insights Proxy
  • Openshift
  • Openshift Container Platform
  • Openshift Container Platform For Arm64
  • Openshift Container Platform For Power
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Eus Long Life
  • Rhel Tus
  • Rhosemc
  • Rhui
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-4424.

URL Resource
https://access.redhat.com/errata/RHSA-2026:10065 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:10097 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:11768 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8492 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8510 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8517 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8521 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8534 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8864 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8865 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8866 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8867 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8873 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8908 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8944 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:9026 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:9592 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:9832 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2026-4424 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2449006 cve-icon cve-icon
https://github.com/libarchive/libarchive/pull/2898 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-4424 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-4424 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact