This is a high-severity vulnerability in the UNACEV2.dll library used by WinRAR to extract ACE-format archives. An attacker can craft a malicious archive that, when extracted, places files into the Windows Startup folder instead of the intended destination, allowing for Remote Code Execution (RCE) when the system reboots.
. This flaw allows attackers to execute malicious code on your computer just by having you extract a specially crafted archive. Recommendation: It is strongly advised to update to the latest stable version (currently 7.20 as of early 2026) from the official RARLAB website to ensure your system is protected. Installation Guide winrar 5.61 -32-bit-
To download and install WinRAR 5.61 -32-bit-, users can follow these steps: This is a high-severity vulnerability in the UNACEV2