This pack covers a single high-severity vulnerability, CVE-2026-48095, a heap buffer overflow in 7-Zip versions 26.00 and prior that enables arbitrary code execution via crafted NTFS archives. The attack chain is user-triggered (malicious file open/extract), requires no special configuration, and CISA confirmed active exploitation in the wild as of 2026-05-20. Any organization with unpatched 7-Zip on workstations or servers is directly exposed; immediate patching to version 26.01 is the primary remediation action.