CVE-2026-4111
Published: 13 March 2026
Summary
CVE-2026-4111 is a high-severity Infinite Loop (CWE-835) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 11.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Deeper analysis
CVE-2026-4111 is a vulnerability in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. A specially crafted RAR5 archive can trigger an infinite loop during decompression, continuously consuming CPU resources. The archive passes checksum validation and appears structurally valid, so affected applications cannot detect the issue before processing begins.
The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity, no privileges, and no user interaction required. Remote attackers can supply malicious RAR5 archives to services that automatically process archives, causing persistent denial-of-service conditions through CPU exhaustion, as classified under CWE-835 (infinite loop).
Red Hat has issued multiple errata addressing the vulnerability, including RHSA-2026:10065, RHSA-2026:10081, RHSA-2026:10097, RHSA-2026:5063, and RHSA-2026:5080, which provide patches for affected products.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12031
Vulnerability details
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A vulnerability in an archive-processing library lets a remote attacker supply crafted input to public-facing services (T1190), resulting in an application denial of service through an infinite loop and CPU exhaustion (T1499.004).
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: directly addresses the vulnerability by applying vendor patches, such as the Red Hat errata listed above, to fix the infinite loop in libarchive's RAR5 decompression.
- Denial-of-service protection (SC-5): implements mechanisms to detect and block resource-exhaustion attacks such as the CPU-intensive infinite loop triggered by crafted RAR5 archives.
- Resource availability (SC-6): ensures that CPU and other resources are protected from the unauthorized, excessive consumption caused by the infinite decompression loop.