Rarlab has released a new version of the popular WinRAR tool to patch a vulnerability that can be abused in remote code execution attacks.

The issue is fixed in WinRAR 7.23, but users must install the new version manually because WinRAR still does not offer automatic updates. They also need to make sure they download the version that matches their system and language preference.

There are five operating systems to choose from (Windows, macOS, Android, Linux, and FreeBSD), which shouldn’t be too hard. More people will struggle with choosing between the 64-bit, 32-bit, and ARM builds, which requires checking their system specifications.

The vulnerability, tracked as CVE-2026-14191, affects the way WinRAR and UnRAR handle RAR5 recovery-volume (.rev) files, which are optional files used to help repair damaged or incomplete archives.

In practice, an attacker can craft a set of two or more .rev files that make WinRAR write data outside the memory it has allocated. In simple terms, the malicious recovery volumes trick WinRAR into writing just past the end of a memory buffer, corrupting its own data, which attackers may be able to exploit to run malicious code on the victim’s computer.

According to the European Vulnerability Database entry EUVD-2026-40869, the bug is a variant of the 2023 flaw tracked as CVE-2023-40477, which was also found in the recovery volume handling code.

No automatic updates

The problem with the lack of automatic updates is that users first have to become aware that a new version is available. Although there are third-party tools that can monitor this for system administrators, most home users risk missing it.

A 2025 vulnerability in WinRAR was exploited by Russia-aligned groups against Ukrainian organizations long after the vulnerability had been patched.

How to stay safe

Besides installing the updated version of WinRAR and/or UnRAR, there are a few general ways to stay safe.

  • Don’t open unsolicited attachments unless you can verify their origin through an independent channel.
  • Use an up-to-date, real-time anti-malware solution to keep malware off your devices.
  • For system administrators: Treat WinRAR as optional software. If users do not need it for business reasons, remove it through your software inventory or asset management system to shrink the attack surface, or use a suitable tool to notify you promptly about updates.
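Because WinRAR has no auto-update, administrators need their own check for outdated copies. The following PowerShell inventory script is an added example, not part of the article or of Rarlab's tooling; it assumes the default install folders and the standard Windows Uninstall registry hive, and flags any WinRAR or UnRAR build older than the patched 7.23.

```powershell
# Added example (not from the article): report WinRAR/UnRAR installs older than 7.23.
# Assumptions: default install paths and the standard Uninstall registry hive; adjust
# the paths below for non-standard deployments.
function Get-WinRarStatus {
    $patched = [version]'7.23'
    $results = @()

    # 1. Default binary locations (assumed) for 64-bit and 32-bit installs.
    $candidates = @(
        "$env:ProgramFiles\WinRAR\WinRAR.exe",
        "${env:ProgramFiles(x86)}\WinRAR\WinRAR.exe",
        "$env:ProgramFiles\WinRAR\UnRAR.exe",
        "${env:ProgramFiles(x86)}\WinRAR\UnRAR.exe"
    )
    foreach ($path in $candidates) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $raw = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
        $results += New-StatusRecord -Source $path -RawVersion $raw -Patched $patched
    }

    # 2. Uninstall registry entries catch copies installed outside the default folders.
    #    DisplayName/DisplayVersion are standard Uninstall properties; matching on the
    #    name prefix 'WinRAR' is an assumption about Rarlab's installer entry.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' -and $_.DisplayVersion } |
        ForEach-Object {
            $results += New-StatusRecord -Source "Registry: $($_.DisplayName)" `
                                         -RawVersion $_.DisplayVersion -Patched $patched
        }
    return $results
}

function New-StatusRecord {
    param([string]$Source, [string]$RawVersion, [version]$Patched)
    # Keep only the leading dotted-number part (e.g. "7.13.0" from "7.13.0 beta 1").
    $clean = [regex]::Match($RawVersion, '^\d+(\.\d+)+').Value
    $installed = if ($clean) { [version]$clean } else { $null }
    $status = if (-not $installed) { 'UNKNOWN - could not parse version' }
              elseif ($installed -lt $Patched) { 'VULNERABLE - update to 7.23 or later' }
              else { 'OK' }
    [pscustomobject]@{ Source = $Source; Version = $installed; Status = $status }
}

Get-WinRarStatus | Format-Table -AutoSize
```

Run it from an elevated session on each managed host, or wrap it in your endpoint management tool so a VULNERABLE row triggers a ticket; a host with no rows has no detectable WinRAR install and can be left off the patch list.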
