CVE-2026-27710
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0,
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s .NET Single File Application parser. A crafted bundle can force an integer underflow in header-size calculation and trigger an unbounded memory allocation attempt during archive open.
Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.
MEDIUM · CVSS 5
EPSS 0.00018
Schedule remediation
- Public exploit or PoC is available
Sigma rules0
YARA rules0