Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

All IT Services security alert graphic with a red warning triangle on a navy background

Rarlab has released WinRAR 7.23 to fix CVE-2026-14191, a memory-corruption flaw in the way WinRAR and UnRAR handle RAR5 recovery-volume (.rev) files. A booby-trapped set of archive files can corrupt WinRAR’s memory and, in the worst case, let an attacker run malicious code on your machine, as reported by Malwarebytes. It’s a variant of a 2023 bug in the same code — this corner of WinRAR keeps causing trouble.

Who’s affected: anyone with WinRAR installed, on any platform. The real problem isn’t the bug — it’s that WinRAR still has no automatic updates. Someone has to know a new version exists, download the right build and install it. When we audit software across Australian client fleets, WinRAR is reliably one of the most out-of-date applications we find, precisely because it keeps working quietly for years. That matters: a 2025 WinRAR flaw was still being exploited against organisations long after the patch shipped. Nobody has seen this one exploited in the wild yet, but history says don’t wait for that headline.

What to do: update every copy to WinRAR 7.23 today, making sure you grab the right 64-bit or ARM build. Better yet, ask whether your team still needs it at all — Windows 11 now opens RAR files natively, so removing WinRAR entirely shrinks the attack surface to zero.

If nobody in your business owns the job of tracking updates like this, that’s exactly what managed patching is for.

Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →