Back to search
CVE-2026-27710
Published: Feb 25, 2026
Modified: Feb 26, 2026
PUBLISHED
Description
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s `.NET Single File Application` parser. A crafted bundle can force an integer underflow in header-size calculation and trigger an unbounded memory allocation attempt during archive open. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.
| Vendor | Product | Versions |
|---|---|---|
M2Team | NanaZip | affected >= 5.0.1252.0, < 6.0.1638.0affected >= 6.1, < 6.5.1638.0 |
Weaknesses (CWE)
References
https://github.com/M2Team/NanaZip/security/advisories/GHSA-89qw-8p49-32wf
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now