Back to search
CVE-2026-26282
Published: Feb 19, 2026
Modified: Feb 20, 2026
PUBLISHED
Description
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in `.NET Single File` bundle header parser due to missing bounds check. Opening a crafted file with NanaZip causes a crash or leaks heap data to the user. Version 6.0.1630.0 patches the issue.
| Vendor | Product | Versions |
|---|---|---|
M2Team | NanaZip | affected >= 5.0.1252.0, < 6.0.1630.0 |
Weaknesses (CWE)
References
https://github.com/M2Team/NanaZip/security/advisories/GHSA-ccpc-2222-xv5c
x_refsource_CONFIRM
https://github.com/user-attachments/files/25274143/poc.exe.zip
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now