The CVE-2026-55206 vulnerability affects the py7zr library and utility used for 7zip archive compression, decompression, encryption, and decryption. The vulnerability is classified as HIGH severity and was published on 2026-07-08T21:16:49.987Z. The issue arises from an O(n^2) cumulative sum pattern in PackInfo._read() of archiveinfo.py, which allows crafted .7z archives to cause excessive CPU consumption [truncated]
CVE-2026-55195 is a denial of service vulnerability in py7zr, a Python library for 7zip archive compression and decompression. The vulnerability allows a remote attacker to cause a denial of service by providing a crafted 7z file that expands to a large size, exhausting disk or memory resources before extraction completes. This issue was fixed in version 1.1.3. Affected deployments should prioritize upgra [truncated]