A heap buffer overflow in 7-Zip’s NTFS archive parsing component (CVE-2026-48095, CVSS 7.8) enables arbitrary code execution when a user opens a specially crafted archive file. A public proof-of-concept is available, lowering the exploitation threshold for less sophisticated actors. Specific affected version ranges and patch availability are not yet confirmed in public sources as of this bulletin date; organizations should check the official 7-Zip release page directly.