libarchive Remote Code Execution Vulnerability

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 30th, 2026
Detected March 31st, 2026

Summary

CERT-Bund issued Security Advisory WID-SEC-2026-0923 warning of a high-severity remote code execution vulnerability in libarchive, a C library used for reading and creating archive formats including tar, cpio, zip, and ISO. The vulnerability has a CVSS Base Score of 7.3 and affects systems running Linux, UNIX, and Windows. Organizations using libarchive should apply available mitigations immediately.

What changed

CERT-Bund published Security Advisory WID-SEC-2026-0923 identifying a remote code execution vulnerability in libarchive, an open-source C library for handling archive formats (tar, cpio, zip, ISO, and others). The vulnerability carries a CVSS Base Score of 7.3 (high) and CVSS Temporal Score of 6.4 (medium). Remote attackers can exploit this flaw to execute arbitrary code on affected systems.

Organizations using libarchive on Linux, UNIX, or Windows platforms should immediately verify their exposure, check for available patches or updates, and apply mitigations where patches are not yet available. Given the CVSS 7.3 severity, unpatched systems face significant risk of compromise through specially crafted archive files.

What to do next

  1. Identify systems running libarchive across Linux, UNIX, and Windows environments
  2. Apply available patches or updates for libarchive to remediate the vulnerability
  3. If patches are unavailable, implement compensating controls such as input validation and restricting processing of untrusted archive files

Source document (simplified)

[WID-SEC-2026-0923] libarchive: Vulnerability allows code execution

  • CVSS Base Score: 7.3 (high)
  • CVSS Temporal Score: 6.4 (medium)
  • Remote attack: yes
  • Date: 30.03.2026
  • Last updated: 31.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX
  • Windows

Product description

libarchive is a C library and a command-line tool for reading and editing tar, cpio, zip, ISO and other formats.

Products

30.03.2026
- Open Source libarchive

Attack

A remote attacker can exploit a vulnerability in libarchive to execute arbitrary code.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 30th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
WID-SEC-2026-0923

Who this affects

Applies to
Technology companies Government agencies
Industry sector
5112 Software & Technology
Activity scope
Software Vulnerability Management IT Security Operations
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Consumer Protection
