Jin Daily Tech Trivia: Update Your 7-Zip Now
If you are using 7-Zip, update it now.
7-Zip is everywhere.
It is free, open source, lightweight, and has been downloaded hundreds of millions of times over the years. Besides the normal desktop app, its command-line tool and related components are also commonly used inside scripts, apps, backend systems, automation workflows, and even enterprise environments.
The exploit works by hiding a specially crafted NTFS disk image inside what looks like a normal archive, then abusing how older 7-Zip versions parse the file. If successfully exploited, it can lead to arbitrary code execution, allowing an attacker to run malicious code on the victim’s system.
And since a public PoC is already out, the “wait and see first lah” period is basically over.
For normal users:
Check your 7-Zip version and update from the official website.
For IT admins:
Don’t just update your own laptop. Check your servers, scripts, CI/CD jobs, automation tools, and any system that uses 7-Zip in the background.
Update to 7-Zip 26.01 or newer.
Because sometimes the scariest software risk is not the app you forgot you installed.
It is the tool quietly running everywhere. https://securitylab.github.com/advisories/GHSL-2026-140_7-Zip/
