CISA alerts on antivirus and EDR failing to scan malformed ZIPs
Antivirus and Endpoint Detection and Response (EDR) archive-scanning engines can fail to detect malicious payloads when ZIP archive metadata is malformed, allowing a compressed payload to remain hidden until it is decompressed and potentially executed.
Technical details: the issue is tracked as Common Vulnerabilities and Exposures (CVE) identifier CVE-2026-0866, and the advisory notes its similarity to the 2004 issue VU#968818 (CVE-2004-0935). ZIP archives carry per-entry metadata such as the compression method, general-purpose flags, and version fields; altering the compression method field can cause an antivirus engine to skip decompressing the entry. A custom loader that ignores the declared Method field can instead decompress the embedded data directly. Standard extraction tools, including 7-Zip, unzip, bsdtar, and Python's zipfile, trust the declared compression method: they attempt decompression with it, fail with CRC or "unsupported method" errors, and never expose the underlying data. Date Public: 2004-12-10; Date First Published: 2026-03-09; Date Last Updated: 2026-03-09 16:09 UTC; Document Revision: 1.
A remote attacker may craft a ZIP archive with tampered metadata that prevents antivirus or EDR software from properly decompressing and inspecting its contents. The file can evade full analysis, although many products will flag it as corrupted. For malicious code to run, a user must extract or otherwise process the archive; standard extraction tools may or may not reveal the hidden payload, whereas a custom loader that ignores the declared compression method could recover and execute the concealed content.
Antivirus and EDR vendors should not rely solely on declared archive metadata to determine content handling. Scanners should implement more aggressive detection modes that validate compression method fields against actual content characteristics and flag inconsistencies for further inspection. No vendor-specific fixes are listed in this advisory.
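The following is an added example of the scanner-side check the recommendation describes; it is not code from the CISA/CERT advisory or from any named vendor. It cross-checks each ZIP entry's declared compression method (in both the local file header and the central directory) against what the payload actually verifies as under the archive's own CRC-32, and flags any inconsistency or unassigned method code. The fixture builder, the entry name `sample.txt`, the bogus method code `0x1234`, and the partial list of assigned method codes are all constructed assumptions for the demonstration; the header layouts follow PKWARE's APPNOTE.TXT.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HDR_SIG = b"PK\x03\x04"     # local file header signature
CENTRAL_HDR_SIG = b"PK\x01\x02"   # central directory file header signature
# Subset of compression method codes assigned in PKWARE's APPNOTE.TXT (assumed list, not exhaustive)
KNOWN_METHODS = {0, 1, 6, 8, 9, 12, 14, 93, 95, 98, 99}
METHOD_STORED, METHOD_DEFLATE = 0, 8


def sniff_actual_method(payload: bytes, expected_crc: int):
    """Content-based check: does the payload verify as stored or raw-deflate data
    against the CRC-32 the archive itself declares? Returns the method code it
    verifies as, or None if neither matches."""
    if zlib.crc32(payload) == expected_crc:
        return METHOD_STORED
    try:
        plain = zlib.decompress(payload, -15)  # -15: raw deflate, no zlib/gzip wrapper
    except zlib.error:
        return None
    return METHOD_DEFLATE if zlib.crc32(plain) == expected_crc else None


def audit_zip(data: bytes) -> list:
    """Cross-check each entry's declared metadata (central directory vs. local header)
    against what the payload actually decodes as. Returns one finding per suspicious
    entry; an empty list means no inconsistency was observed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:   # zipfile only parses the central directory here
        for zi in zf.infolist():
            reasons = []
            off = zi.header_offset
            if data[off:off + 4] != LOCAL_HDR_SIG:
                findings.append({"name": zi.filename, "declared_method": zi.compress_type,
                                 "actual_method": None, "reasons": ["local header signature missing"]})
                continue
            # Local header fields after the 4-byte signature:
            # version(2) flags(2) method(2) time(2) date(2) crc(4) csize(4) usize(4) namelen(2) extralen(2)
            (_ver, flags, local_method, _t, _d, local_crc,
             _csize, _usize, nlen, xlen) = struct.unpack_from("<HHHHHIIIHH", data, off + 4)
            start = off + 30 + nlen + xlen
            payload = data[start:start + zi.compress_size]

            if local_method != zi.compress_type:
                reasons.append(f"local header method {local_method} != central directory method {zi.compress_type}")
            if not (flags & 0x8) and local_crc != zi.CRC:   # bit 3 set means CRC lives in a data descriptor
                reasons.append("local header CRC != central directory CRC")
            if zi.compress_type not in KNOWN_METHODS:
                reasons.append(f"method code {zi.compress_type} is not an assigned ZIP method")

            actual = None
            if not (zi.flag_bits & 0x1):   # skip encrypted entries: ciphertext will not verify
                actual = sniff_actual_method(payload, zi.CRC)
                if actual is not None and actual != zi.compress_type:
                    reasons.append(f"declared method {zi.compress_type} but payload verifies as method {actual}")

            if reasons:
                findings.append({"name": zi.filename, "declared_method": zi.compress_type,
                                 "actual_method": actual, "reasons": reasons})
    return findings


def build_sample(tamper: bool) -> bytes:
    """Constructed test fixture: a one-entry deflated archive of plain sample text.
    With tamper=True the method field in both headers is overwritten with an
    unassigned code, which is the malformation class the advisory describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.txt", b"constructed sample text, repeated for compressibility\n" * 8)
    data = bytearray(buf.getvalue())
    if tamper:
        bogus = struct.pack("<H", 0x1234)      # assumed unassigned method code
        data[8:10] = bogus                     # local header: method field is at offset 8
        cd = data.find(CENTRAL_HDR_SIG)
        data[cd + 10:cd + 12] = bogus          # central header: method field is at offset 10
    return bytes(data)


def standard_tool_can_read(data: bytes) -> bool:
    """Mimics an extractor that trusts the declared method (here Python's own zipfile)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for zi in zf.infolist():
                zf.read(zi)
        return True
    except (NotImplementedError, RuntimeError, zipfile.BadZipFile, zlib.error):
        return False


if __name__ == "__main__":
    for tamper in (False, True):
        sample = build_sample(tamper)
        print(f"tampered={tamper}: zipfile reads it={standard_tool_can_read(sample)}, findings={audit_zip(sample)}")
```

Run as a script, the untampered fixture reads cleanly and produces no findings, while the tampered one makes `zipfile` give up with "not supported" yet is reported by `audit_zip` as declaring an unassigned method whose payload still verifies as deflate (method 8) against the declared CRC. That CRC-verified mismatch is the signal a scanner can use to route the entry for deeper inspection instead of treating it as merely corrupt.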
Users are encouraged to contact their antivirus or EDR providers to determine whether they are affected and to obtain guidance on available mitigation options. Acknowledgements in the advisory name reporter Christopher Aziz and author Laurie Tyzenhaus.