CVE-2026-48095 is a heap buffer overflow in 7-Zip’s NTFS stream handler affecting all versions through 26.00, with CISA KEV confirmation of active exploitation. The vulnerability enables arbitrary code execution via a crafted archive with no special user action beyond opening or extracting a file. 7-Zip 26.01 is the remediated version and should be deployed immediately across all managed and unmanaged assets.