WinRAR Code Execution Vulnerability via Malformed Recovery Volumes — Update to Version 7.23


What Is the Vulnerability

A vulnerability in WinRAR’s handling of recovery volumes (REV files) allows attackers to execute arbitrary code on the user’s system. When a WinRAR user opens a maliciously crafted RAR archive containing a malformed recovery volume, the flawed parsing logic triggers code execution. The flaw was previously partially addressed for the RAR3 format but also affects the RAR5 format. WinRAR lacks automatic update functionality, making manual patching the only option.


Versions Affected

  • WinRAR — all versions prior to 7.23

WinRAR is a widely used archiving utility installed on millions of Windows systems globally. The vulnerability affects both consumer and enterprise deployments.


Exploited?

No confirmed active exploitation in the wild at time of publication. The vulnerability was responsibly disclosed and patched in WinRAR 7.23. However, given the widespread deployment of WinRAR and the historical pattern of archive-parsing vulnerabilities being weaponised (e.g., CVE-2023-40477, CVE-2025-61374), exploitation attempts are expected once technical details circulate.


Fix

WinRAR version 7.23 addresses the recovery volume parsing vulnerability. Because WinRAR does not include automatic update functionality, users and administrators must download and install the update manually.

  • Primary fix: Download and install WinRAR 7.23 from the official website (rarlab.com).
  • Enterprise deployment: Use patch management tools such as Zoho Patch Manager or PatchMyPC to push the update to managed systems.

Recommendations

  • Immediately update WinRAR to 7.23 on all systems — personal and enterprise.
  • Enterprise environments: Use patch management tools to deploy the update at scale since WinRAR lacks Group Policy support for auto-update.
  • Consider alternatives: Evaluate archiving tools that support automatic updates, such as 7-Zip, Bandizip, or PeaZip, for long-term vulnerability management.
  • User awareness: Remind users not to open RAR archives from untrusted sources, including email attachments and download sites.
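Before pushing the update at scale, an inventory of which hosts still run a version below 7.23 is useful. The PowerShell check below is an added example, not part of the advisory: it reads the WinRAR entry from the registry uninstall keys on one or more hosts and classifies each install against 7.23. It assumes WinRAR's DisplayVersion uses a two-digit minor (for example "7.01.0"), which the [version] comparison relies on, and that remote hosts are reachable over WinRM.

```powershell
# Added example (not from the advisory): flag WinRAR installs below 7.23.
# Assumes DisplayVersion looks like "7.01.0" so [version] ordering is correct.
$FixedVersion = [version]'7.23'

function Get-WinRarPatchStatus {
    [CmdletBinding()]
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    # Runs locally or on the remote host; emits one object per WinRAR entry.
    $scan = {
        $paths = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        )
        Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like 'WinRAR*' } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer       = $env:COMPUTERNAME
                    DisplayName    = $_.DisplayName
                    DisplayVersion = $_.DisplayVersion
                }
            }
    }

    foreach ($computer in $ComputerName) {
        $installs = if ($computer -eq $env:COMPUTERNAME) { & $scan } else {
            Invoke-Command -ComputerName $computer -ScriptBlock $scan
        }

        if (-not $installs) {
            [pscustomobject]@{ Computer = $computer; DisplayVersion = $null; Status = 'NotInstalled' }
            continue
        }
        foreach ($install in $installs) {
            $parsed = $null
            $status = if (-not [version]::TryParse([string]$install.DisplayVersion, [ref]$parsed)) {
                'UnknownVersion'   # registry value missing or malformed; review manually
            } elseif ($parsed -lt $FixedVersion) {
                'Vulnerable'
            } else {
                'Patched'
            }
            [pscustomobject]@{ Computer = $install.Computer; DisplayVersion = $install.DisplayVersion; Status = $status }
        }
    }
}

Get-WinRarPatchStatus | Format-Table -AutoSize
```

Portable or hand-copied WinRAR.exe files never appear under the uninstall keys, so a file-system search for WinRAR.exe is needed to catch those as well.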

Part of the Vulnerability Intelligence series on threat-modeling.com. July 5, 2026 Report.
