Description
WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violation at memory address 004F1DB8 when the application attempts to read invalid data.
Published: 2026-04-05
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

WinRAR 5.61 is vulnerable to a denial‑of‑service flaw that can be triggered by a local attacker who places a malformed winrar.lng language file in the installation directory. When the user opens an archive and clicks the Test button, the application attempts to read the corrupted file, causing an access violation at a hard‑coded memory address and forcing the program to crash. This behavior matches CWE‑379, which describes denial of service caused by unintended or erroneous behavior within the software.

Affected Systems

The issue affects the WinRAR 5.61 release from Rarlab. Users running this version will experience the crash if they encounter or place a corrupt winrar.lng file in the program’s install folder. No other product versions are listed as impacted in the available data.

Risk and Exploitability

The CVSS score of 6.9 reflects a moderate to high impact when the vulnerability is exploited, but the EPSS score of less than 1 percent indicates that exploitation is currently considered unlikely. Because the flaw requires local file‑system access to the WinRAR installation directory, the attack vector is inferred to be local rather than remote. The vulnerability is not currently catalogued by CISA’s KEV list. Overall, the risk is moderate, pending remediation.

Generated by OpenCVE AI on April 9, 2026 at 20:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WinRAR to a version newer than 5.61 that no longer relies on the winrar.lng file
  • As a temporary workaround, delete or rename any winrar.lng files found in the WinRAR installation directory to avoid accidental crashes

Generated by OpenCVE AI on April 9, 2026 at 20:58 UTC.


Advisories

No advisories yet.

History

Thu, 09 Apr 2026 19:45:00 +0000

Type: CPEs
Values removed: (none)
Values added: cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:x86:*

Tue, 07 Apr 2026 00:00:00 +0000

Type: First Time appeared
Values removed: (none)
Values added: Rarlab; Rarlab winrar

Type: Vendors & Products
Values removed: (none)
Values added: Rarlab; Rarlab winrar

Mon, 06 Apr 2026 20:00:00 +0000

Type: Metrics (ssvc)
Values removed: (none)
Values added:
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 05 Apr 2026 20:45:00 +0000

Type: Description
Values removed: (none)
Values added: WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violation at memory address 004F1DB8 when the application attempts to read invalid data.

Type: Title
Values removed: (none)
Values added: WinRAR 5.61 Denial of Service via Malformed Language File

Type: Weaknesses
Values removed: (none)
Values added: CWE-379

Type: References
Values removed: (none)
Values added: (none listed)

Type: Metrics
Values removed: (none)
Values added:
cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:07:45.413Z

Reserved: 2026-04-05T13:27:54.997Z

Link: CVE-2019-25677

Vulnrichment

Updated: 2026-04-06T18:07:40.374Z

NVD

Status : Analyzed

Published: 2026-04-05T21:16:45.800

Modified: 2026-04-09T19:35:57.200

Link: CVE-2019-25677

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:45:23Z

Weaknesses