diff --git a/libarchive-3.7.1-CVE-2026-4111.patch b/libarchive-3.7.1-CVE-2026-4111.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c8be608be17c04f2fd50d160e87f09024f06cc62
--- /dev/null
+++ b/libarchive-3.7.1-CVE-2026-4111.patch
@@ -0,0 +1,27 @@
+From 7273d04803a1e5a482f26d8d0fbaf2b204a72168 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle
+Date: Sun, 1 Mar 2026 20:24:56 -0800
+Subject: [PATCH] Reject filters when the block length is nonsensical
+
+Credit: Grzegorz Antoniak @antekone
+
+
+---
+ libarchive/archive_read_support_format_rar5.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c
+index 1f90994..16d0789 100644
+--- a/libarchive/archive_read_support_format_rar5.c
++++ b/libarchive/archive_read_support_format_rar5.c
+@@ -2914,7 +2914,9 @@ static int parse_filter(struct archive_read* ar, const uint8_t* p) {
+ if(block_length < 4 ||
+ block_length > 0x400000 ||
+ filter_type > FILTER_ARM ||
+- !is_valid_filter_block_start(rar, block_start))
++ !is_valid_filter_block_start(rar, block_start) ||
++ (rar->cstate.window_size > 0 &&
++ (ssize_t)block_length > rar->cstate.window_size >> 1))
+ {
+ archive_set_error(&ar->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Invalid filter encountered");
diff --git a/libarchive.spec b/libarchive.spec
index ac72d878623317cb656157045a65147f131ff730..84d79fcd1ad59adeec0330555953ec2a8090d707 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -1,7 +1,7 @@
 Summary: A library for handling streaming archive formats
 Name: libarchive
 Version: 3.7.1
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: BSD
 URL: https://www.libarchive.org/
 Source0: https://libarchive.org/downloads/%{name}-%{version}.tar.gz
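Review bot: The new clause `(ssize_t)block_length > rar->cstate.window_size >> 1` in the nested rar5 hunk relies on `>>` binding tighter than `>`; it parses as intended, but this is the security bound the whole patch exists for and it should read unambiguously, so I would write `(ssize_t)block_length > (rar->cstate.window_size >> 1))` and add a one-line comment above the clause such as `/* A filter block must fit in half the dictionary window */`, since nothing in the hunk says why half is the limit. The `rar->cstate.window_size > 0` guard also means a filter parsed before the window has been sized is bounded only by the pre-existing 0x400000 check; whether parse_filter can run in that state is not visible here, so it is worth confirming against the window setup code rather than assuming. The enclosing parse_filter() starts and ends outside this hunk, so the types of block_length and window_size (the cast suggests a signed window_size) cannot be confirmed from the diff alone. Unlike the neighbouring Patch0017 entry, the new patch carries no link to the upstream commit or advisory beyond the hash in its From line, which makes later rebases harder to audit.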
@@ -33,6 +33,7 @@ Patch0015: CVE-2025-5917.patch Patch0016: CVE-2025-5918.patch # https://github.com/libarchive/libarchive/pull/2787 Patch0017: CVE-2025-60753.patch +Patch0018: libarchive-3.7.1-CVE-2026-4111.patch Patch3001: 0001-Drop-rmd160-from-OpenSSL.patch @@ -129,6 +130,10 @@ rm %{buildroot}%{_mandir}/man5/{tar,cpio,mtree}.5* %changelog +* Mon Mar 23 2026 PkgAgent Robot - 3.7.1-12 +- [Type] security +- [DESC] Fix CVE-2026-4111 vulnerability + * Tue Dec 09 2025 rockerzhu - 3.7.1-11 - [Type] Security - [Desc] Fix CVE-2025-60753.