WinRAR
This hub aggregates every CVE we track for WinRAR, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 29
- Critical: 4
- High: 13
- In CISA KEV: 4
Severity distribution
HIGH 13, MEDIUM 8, LOW 4, CRITICAL 4
Monthly trend
[Chart covering 2024-08 to 2026-07]
Latest CVEs
The 15 most recently published vulnerabilities affecting WinRAR.
- CVE-2019-25677: WinRAR 5.61 Denial of Service via Malformed Language File (6.2)
- CVE-2025-52331: Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report di... (6.1)
- CVE-2025-8088: Path traversal vulnerability in WinRAR (KEV; 8.8)
- CVE-2025-6218: RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability (KEV; 7.8)
- CVE-2025-31334: Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic l... (6.8)
- CVE-2024-36052: RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899. (7.5)
- CVE-2023-40477: RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability (7.8)
- CVE-2024-33899: RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences. (7.1)
- CVE-2024-30370: RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability (4.3)
- CVE-2023-38831: RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign fil... (KEV; 7.8)
- CVE-2022-43650: This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that ... (7.1)
- BDU:2021-05327: Vulnerability in the WinRAR file archiver related to the relaying of requests to a malicious domain, allowing an attacker to carry out an "ARP spoofing" attack (3.4)
- CVE-2018-20253: In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary ... (7.8)
- CVE-2018-20251: In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as... (5.5)
- CVE-2018-20252: In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary ... (7.8)
Product normalization is registry-driven with AI assist and human review.