Cyber Posture

CVE-2026-4111

Severity: High

Published: 13 March 2026

Modified: 30 April 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0003 (10.3rd percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-4111 is a high-severity Infinite Loop (CWE-835) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 10.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Application or System Exploitation (T1499.004).

Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- addresses CWE-835: Enables transfer to an alternate site if an infinite loop at the primary renders processing unavailable.
- addresses CWE-835: Detects and mitigates infinite loops that produce sustained resource consumption.

MITRE ATT&CK Enterprise Techniques (AI-generated)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A vulnerability in an archive-processing library lets a remote party supply crafted input to public-facing services (T1190), resulting in application denial of service via an infinite loop and CPU exhaustion (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

Deeper analysis (AI-generated)

CVE-2026-4111 is a vulnerability in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. A specially crafted RAR5 archive can trigger an infinite loop during decompression, continuously consuming CPU resources. The archive passes checksum validation and appears structurally valid, so affected applications cannot detect the issue before processing begins.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity, no privileges, and no user interaction required. Remote attackers can supply malicious RAR5 archives to services that automatically process archives, causing persistent denial-of-service conditions through CPU exhaustion, as classified under CWE-835 (infinite loop).
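Since the crafted archive passes checksum validation, a libarchive consumer cannot reject it up front; what it can do is bound the decompression step so a looping archive_read_data() costs one killed worker rather than a pinned core. The Python below is an added example, not code from this page, from Red Hat or from libarchive: it runs an archive-processing callable in a forked child under a hard RLIMIT_CPU with a wall-clock backstop. `spin_forever` is a constructed stand-in for the non-progressing decompression call; a real libarchive or bsdtar invocation would take its place.

```python
import os, pickle, resource, signal, time


def run_with_cpu_limit(fn, args=(), cpu_seconds=2, wall_seconds=5):
    """Run fn(*args) in a forked child under a hard CPU-time limit.

    Returns ("ok", result), ("error", repr(exc)) or ("killed", reason).
    When the child loops, the kernel delivers SIGXCPU at the soft
    RLIMIT_CPU and the parent reports a kill instead of hanging."""
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: apply the limit, do the work, report, exit hard
        os.close(read_fd)
        try:
            resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
            payload = pickle.dumps(("ok", fn(*args)))
        except BaseException as exc:  # report any failure back to the parent
            payload = pickle.dumps(("error", repr(exc)))
        with os.fdopen(write_fd, "wb") as out:
            out.write(payload)  # keep results small: must fit the pipe buffer
        os._exit(0)

    os.close(write_fd)
    deadline = time.monotonic() + wall_seconds  # backstop: RLIMIT_CPU ignores I/O waits
    while True:
        done_pid, status = os.waitpid(pid, os.WNOHANG)
        if done_pid:
            break
        if time.monotonic() >= deadline:
            os.kill(pid, signal.SIGKILL)
            os.waitpid(pid, 0)
            os.close(read_fd)
            return ("killed", "wall-clock limit exceeded")
        time.sleep(0.05)
    with os.fdopen(read_fd, "rb") as inp:
        data = inp.read()
    if data:
        return pickle.loads(data)
    if os.WIFSIGNALED(status):
        return ("killed", f"signal {signal.Signals(os.WTERMSIG(status)).name}")
    return ("killed", f"exit status {os.WEXITSTATUS(status)}")


def spin_forever():
    """Constructed stand-in for an archive_read_data() call that never progresses."""
    while True:
        pass
```

The wall-clock deadline is deliberate: RLIMIT_CPU counts only CPU time, so a child stalled on I/O would never trip it.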

Red Hat has issued multiple errata addressing the vulnerability, including RHSA-2026:10065, RHSA-2026:10081, RHSA-2026:10097, RHSA-2026:5063, and RHSA-2026:5080, which provide patches for affected products.

Details

CWE(s): CWE-835 (Infinite Loop)

CVEs Like This One

- CVE-2026-32256 (shared CWE-835)
- CVE-2026-33891 (shared CWE-835)
- CVE-2026-24831 (shared CWE-835)
- CVE-2026-21905 (shared CWE-835)
- CVE-2025-69227 (shared CWE-835)
- CVE-2026-4598 (shared CWE-835)
- CVE-2026-33699 (shared CWE-835)
- CVE-2026-2219 (shared CWE-835)
- CVE-2026-32287 (shared CWE-835)
- CVE-2026-31448 (shared CWE-835)
