CVE-2026-4111 — Infinite Loop in Libarchive
Severity
7.5HIGHNVD
OSV5.5
EPSS
0.0%
top 90.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedMar 13
Latest updateApr 2
Description
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the is…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages4 packages
🔴Vulnerability Details
3GHSA▶
GHSA-xrqh-48jh-pjv2: A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path↗2026-03-13
OSV▶
CVE-2026-4111: A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path↗2026-03-13
📋Vendor Advisories
4Red Hat▶
libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive↗2026-03-11
Microsoft▶
Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive↗2026-03-10
Debian▶
CVE-2026-4111: libarchive - A flaw was identified in the RAR5 archive decompression logic of the libarchive ...↗2026
🕵️Threat Intelligence
10💬Community
1Bugzilla▶
CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive↗2026-03-11