CVE-2026-48095: 7-Zip Heap Buffer Overflow Can Lead to Code Execution

CVE-2026-48095 is a heap buffer overflow in 7-Zip’s NTFS archive handler (affecting at least 7-Zip 26.00) where an under-allocation in buffer sizing allows an attacker-supplied NTFS image to overwrite heap memory and hijack a vtable, enabling potential arbitrary code execution; a public Python PoC (gen_ntfs_sparse.py) was released and the issue is fixed in 7-Zip 26.01 (released April 27, 2026), so immediate patching and cautious handling of untrusted archives are recommended.