CVE-2026-4111
Published: Mar 13, 2026
Modified: May 20, 2026
CVSS v3.1: 7.5
Description
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | unaffected 0:3.7.7-5.el10_1 - < * |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | unaffected 0:3.7.7-5.el10_0 - < * |
| Red Hat | Red Hat Enterprise Linux 9 | unaffected 0:3.5.3-7.el9_7 - < * |
| Red Hat | Red Hat Enterprise Linux 9 | unaffected 0:3.5.3-7.el9_7 - < * |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | unaffected 0:3.5.3-2.el9_0.3 - < * |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | unaffected 0:3.5.3-5.el9_2.1 - < * |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | unaffected 0:3.5.3-4.el9_4.2 - < * |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | unaffected 0:3.5.3-6.el9_6.1 - < * |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | unaffected 413.92.202604080111-0 - < * |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | unaffected 414.92.202605060243-0 - < * |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | unaffected 415.92.202605060220-0 - < * |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | unaffected 416.94.202604211449-0 - < * |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | unaffected 417.94.202605112123-0 - < * |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | unaffected 418.94.202604140044-0 - < * |
| Red Hat | Red Hat OpenShift Container Platform 4.19 | unaffected 4.19.9.6.202604211219-0 - < * |
| Red Hat | Red Hat AI Inference Server 3.2 | unaffected 1775740563 - < * |
| Red Hat | Red Hat AI Inference Server 3.3 | unaffected 1778244559 - < * |
| Red Hat | Red Hat AI Inference Server 3.3 | unaffected 1778244531 - < * |
| Red Hat | Red Hat AI Inference Server 3.3 | unaffected 1778244546 - < * |
| Red Hat | Red Hat AI Inference Server 3.3 | unaffected 1775680192 - < * |
| Red Hat | Red Hat AI Inference Server 3.3 | unaffected 1775680262 - < * |
| Red Hat | Red Hat AI Inference Server 3.3 | unaffected 1775749857 - < * |
| Red Hat | Red Hat Discovery 2 | unaffected 1775668717 - < * |
| Red Hat | Red Hat Discovery 2 | unaffected 1775675922 - < * |
| Red Hat | Red Hat Hardened Images | unaffected 3.8.7-1.hum1 - < * |
| Red Hat | Red Hat Insights proxy 1.5 | unaffected 1776868961 - < * |
| Red Hat | Red Hat Update Infrastructure 5 | unaffected 1776868774 - < * |
| Red Hat | Red Hat Update Infrastructure 5 | unaffected 1776868744 - < * |
| Red Hat | Red Hat Update Infrastructure 5 | unaffected 1776868772 - < * |
| Red Hat | Red Hat Update Infrastructure 5 | unaffected 1776868842 - < * |
| Red Hat | Red Hat Enterprise Linux 6 | All versions |
| Red Hat | Red Hat Enterprise Linux 7 | All versions |
| Red Hat | Red Hat Enterprise Linux 8 | All versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H