CVE-2026-4111

HIGH

Red Hat Enterprise Linux - Denial of Service via RAR5 Archive Decompression Infinite Loop


Description

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

References (29)

Core References
RHSA-2026:25096 - https://access.redhat.com/errata/RHSA-2026:25096 (vendor-advisory)
RHSA-2026:10081 - https://access.redhat.com/errata/RHSA-2026:10081 (vendor-advisory)
RHSA-2026:5080 - https://access.redhat.com/errata/RHSA-2026:5080 (vendor-advisory)
RHSA-2026:7239 - https://access.redhat.com/errata/RHSA-2026:7239 (vendor-advisory)
RHSA-2026:8423 - https://access.redhat.com/errata/RHSA-2026:8423 (vendor-advisory)
RHSA-2026:8944 - https://access.redhat.com/errata/RHSA-2026:8944 (vendor-advisory)
RHSA-2026:9832 - https://access.redhat.com/errata/RHSA-2026:9832 (vendor-advisory)
RHSA-2026:10097 - https://access.redhat.com/errata/RHSA-2026:10097 (vendor-advisory)
RHSA-2026:6647 - https://access.redhat.com/errata/RHSA-2026:6647 (vendor-advisory)
RHSA-2026:7335 - https://access.redhat.com/errata/RHSA-2026:7335 (vendor-advisory)
RHSA-2026:10065 - https://access.redhat.com/errata/RHSA-2026:10065 (vendor-advisory)
RHSA-2026:16174 - https://access.redhat.com/errata/RHSA-2026:16174 (vendor-advisory)
RHSA-2026:5063 - https://access.redhat.com/errata/RHSA-2026:5063 (vendor-advisory)
RHSA-2026:7093 - https://access.redhat.com/errata/RHSA-2026:7093 (vendor-advisory)
RHSA-2026:7105 - https://access.redhat.com/errata/RHSA-2026:7105 (vendor-advisory)
RHSA-2026:7106 - https://access.redhat.com/errata/RHSA-2026:7106 (vendor-advisory)
RHSA-2026:7329 - https://access.redhat.com/errata/RHSA-2026:7329 (vendor-advisory)
RHSA-2026:8746 - https://access.redhat.com/errata/RHSA-2026:8746 (vendor-advisory)
RHSA-2026:8747 - https://access.redhat.com/errata/RHSA-2026:8747 (vendor-advisory)
RHSA-2026:8748 - https://access.redhat.com/errata/RHSA-2026:8748 (vendor-advisory)
RHSA-2026:8865 - https://access.redhat.com/errata/RHSA-2026:8865 (vendor-advisory)
https://access.redhat.com/security/cve/CVE-2026-4111 (vdb-entry)
https://bugzilla.redhat.com/show_bug.cgi?id=2446453 (issue-tracking)
RHSA-2026:14773 - https://access.redhat.com/errata/RHSA-2026:14773 (vendor-advisory)
RHSA-2026:15087 - https://access.redhat.com/errata/RHSA-2026:15087 (vendor-advisory)
RHSA-2026:16008 - https://access.redhat.com/errata/RHSA-2026:16008 (vendor-advisory)
RHSA-2026:16009 - https://access.redhat.com/errata/RHSA-2026:16009 (vendor-advisory)
RHSA-2026:17596 - https://access.redhat.com/errata/RHSA-2026:17596 (vendor-advisory)

Scores

CVSS v3: 7.5
EPSS: 0.0069
EPSS Percentile: 47.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-835
Status: published
Products (50)
Red Hat/Red Hat AI Inference Server 3.2 1775740563
Red Hat/Red Hat AI Inference Server 3.2 1780681984
Red Hat/Red Hat AI Inference Server 3.2 sha256:54616c9f3e4d27120504b0b2020432ef3ff85286a50de7be842f05df0cfcd69e
Red Hat/Red Hat AI Inference Server 3.3 1775680192
Red Hat/Red Hat AI Inference Server 3.3 1775680262
Red Hat/Red Hat AI Inference Server 3.3 1775749857
Red Hat/Red Hat AI Inference Server 3.3 1778244531
Red Hat/Red Hat AI Inference Server 3.3 1778244546
Red Hat/Red Hat AI Inference Server 3.3 1778244559
Red Hat/Red Hat AI Inference Server 3.3 sha256:0ec114881d9dcd28a5dbbb2ec0ea1301ad87d5ae133121ce8167ef29d19802cc
... and 40 more
Published: Mar 13, 2026
Tracked Since: Mar 14, 2026