diff --git a/libarchive-3.5.3-Fix-CVE-2026-4424.patch b/libarchive-3.5.3-Fix-CVE-2026-4424.patch
new file mode 100644
index 0000000..ef3dd42
--- /dev/null
+++ b/libarchive-3.5.3-Fix-CVE-2026-4424.patch
@@ -0,0 +1,23 @@
+# This patch originally consisted of 3 hunks on the upstream:
+# https://github.com/libarchive/libarchive/pull/2898/changes/e1907c5832b6489c7b4198b0825f857c93a03c10
+# https://github.com/libarchive/libarchive/pull/2898/changes/d379dc0b2976b7207d1ad78f5ed3eb99a5b6d375
+# but only the first hunk needs to be backported since the
+# logic fix the second hunk provides does not need to be added
+# as the logic is still correct in the current version of libarchive (3.5.3)
+# thus the vulnerability in the code does not yet exist
+#
+# the third hunk of the patch is not needed either as the part of
+# the code which contains the vulnerability is not yet present in this version (3.5.3)
+diff -Naur libarchive-3.5.3/libarchive/archive_read_support_format_rar.c libarchive-3.5.3_patched/libarchive/archive_read_support_format_rar.c
+--- libarchive-3.5.3/libarchive/archive_read_support_format_rar.c	2022-02-08 09:44:39.000000000 +0100
++++ libarchive-3.5.3_patched/libarchive/archive_read_support_format_rar.c	2026-04-09 12:19:25.997978581 +0200
+@@ -2325,7 +2325,8 @@
+       return (r);
+   }
+ 
+-  if (!rar->dictionary_size || !rar->lzss.window)
++  if (!rar->dictionary_size || !rar->lzss.window ||
++      (unsigned int)(rar->lzss.mask + 1) < rar->dictionary_size)
+   {
+     /* Seems as though dictionary sizes are not used. Even so, minimize
+      * memory usage as much as possible.
diff --git a/libarchive.spec b/libarchive.spec
index f214c86..74f860c 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -22,6 +22,9 @@ Patch5:		%{name}-3.5.3-Fix-CVE-2025-25724.patch
 Patch6:		%{name}-3.5.3-Fix-CVE-2025-5914.patch
 # Source: https://github.com/mmatuska/libarchive/commit/ec19fcbd20b18bd3b0fdcf2b3fb97789cd1bf575
 Patch7:		%{name}-3.5.3-Fix-CVE-2026-4111.patch
+# Source: https://github.com/libarchive/libarchive/pull/2898/changes/d379dc0b2976b7207d1ad78f5ed3eb99a5b6d375
+# and: https://github.com/libarchive/libarchive/pull/2898/changes/e1907c5832b6489c7b4198b0825f857c93a03c10
+Patch8:     %{name}-3.5.3-Fix-CVE-2026-4424.patch
 
 
 BuildRequires:  automake