Cyber Resilience

CVE-2026-4111

Severity: High · Category: DDoS · Status: Updated

Published: 13 March 2026
Modified: 10 June 2026
KEV Added: not listed
Patch
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0004 (11.4th percentile)
Risk priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-4111 is a high-severity Infinite Loop (CWE-835) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks the vulnerability at the 11.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2026-4111 is a vulnerability in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. A specially crafted RAR5 archive can trigger an infinite loop during decompression, continuously consuming CPU resources. The archive passes checksum validation and appears structurally valid, so affected applications cannot detect the issue before processing begins.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity, no privileges, and no user interaction required. Remote attackers can supply malicious RAR5 archives to services that automatically process archives, causing persistent denial-of-service conditions through CPU exhaustion, as classified under CWE-835 (infinite loop).

Red Hat has issued multiple errata addressing the vulnerability, including RHSA-2026:10065, RHSA-2026:10081, RHSA-2026:10097, RHSA-2026:5063, and RHSA-2026:5080, which provide patches for affected products.

EU & UK References

Vulnerability details

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A vulnerability in an archive processing library lets a remote party supply crafted input to public-facing services (T1190), resulting in application DoS via an infinite loop and CPU exhaustion (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-69227 (shared CWE-835)
CVE-2026-4598 (shared CWE-835)
CVE-2026-33699 (shared CWE-835)
CVE-2026-42920 (shared CWE-835)
CVE-2026-24831 (shared CWE-835)
CVE-2026-33891 (shared CWE-835)
CVE-2026-21905 (shared CWE-835)
CVE-2026-32256 (shared CWE-835)
CVE-2026-26283 (shared CWE-835)
CVE-2026-39806 (shared CWE-835)

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

SI-2 Flaw Remediation (prevent): Flaw remediation directly addresses the vulnerability by applying vendor patches, such as the Red Hat errata, to fix the infinite loop in libarchive's RAR5 decompression.

SC-5 Denial-of-Service Protection (prevent): Denial-of-service protection implements mechanisms to detect and block resource exhaustion attacks like the CPU-intensive infinite loop triggered by crafted RAR5 archives.

SC-6 Resource Availability (prevent): Resource availability ensures CPU and other resources are protected from unauthorized excessive consumption caused by the infinite decompression loop.
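Until the patched libarchive build is deployed, the SC-5/SC-6 controls above translate into a concrete engineering pattern: never run the decompression of an untrusted archive in the same process as the service worker, and give the child a hard CPU-time budget plus a wall-clock deadline so a spinning loop is killed instead of pinning a core indefinitely. The snippet below is an added illustration of that pattern, not code from this page, from libarchive or from Red Hat. It assumes a POSIX host (Linux or macOS) and Python 3; the two job scripts are constructed stand-ins that only model "finishes normally" versus "never makes forward progress", since a real service would invoke the archive library at that point.

```python
"""Run an untrusted-archive processing step under CPU-time and wall-clock limits.

Defensive pattern for CWE-835-style hangs in archive decoders: the work happens
in a child process whose resource limits are set before exec, so the parent
worker keeps serving requests and the kernel ends a runaway decoder for us.
"""
import resource
import signal
import subprocess
import sys

# Constructed stand-ins for the decompression job (hypothetical, not libarchive).
BENIGN_JOB = "print('extracted')"             # finishes immediately
SPINNING_JOB = "while True: pass"             # models an infinite decompression loop
BLOCKING_JOB = "import time; time.sleep(30)"  # blocks without burning CPU


def process_archive_guarded(job_script, cpu_seconds=1, wall_seconds=5):
    """Execute job_script in a child with a CPU-time budget and a wall-clock deadline.

    Returns one of "ok", "cpu-limit", "wall-timeout" or "error" so the caller
    can log the event, reject the archive and move on instead of hanging.
    """

    def apply_limits():
        # Runs in the child between fork and exec. Soft limit: the kernel sends
        # SIGXCPU after cpu_seconds of CPU time; hard limit: SIGKILL one second
        # later if the process is still alive. The job cannot raise these again.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))

    try:
        proc = subprocess.run(
            [sys.executable, "-c", job_script],
            preexec_fn=apply_limits,
            timeout=wall_seconds,        # catches jobs that stall without using CPU
            capture_output=True,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run has already killed the child at this point.
        return "wall-timeout"

    if proc.returncode < 0:
        # Negative return code == terminated by that signal number.
        if -proc.returncode in (signal.SIGXCPU, signal.SIGKILL):
            return "cpu-limit"
        return "error"
    return "ok" if proc.returncode == 0 else "error"


if __name__ == "__main__":
    for name, job in (("benign", BENIGN_JOB), ("spinning", SPINNING_JOB), ("blocking", BLOCKING_JOB)):
        print(f"{name:9s} -> {process_archive_guarded(job, cpu_seconds=1, wall_seconds=2)}")
```

The CPU limit is the control that matters for this CVE: a decoder that loops forever burns CPU continuously, so RLIMIT_CPU ends it after a bounded budget regardless of how long the wall clock runs. The separate wall-clock timeout covers the complementary failure mode (a child that blocks without consuming CPU) and is what a queue worker would tune to its per-job SLA. In production the child would additionally get a memory limit (RLIMIT_AS) and run under a dedicated, unprivileged user.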

References