Denial-of-Service Vulnerability in NanaZip File Archive by M2Team
CVE-2026-27710
5.1 MEDIUM
What is CVE-2026-27710?
NanaZip, an open-source file archiving tool, has a denial-of-service vulnerability caused by flawed handling in its .NET Single File Application parser. The flaw is present from version 5.0.1252.0 up to, but not including, versions 6.0.1638.0 and 6.5.1638.0, and is triggered by opening a specially crafted bundle. The crafted input causes an integer underflow during header-size calculation, which leads to unbounded memory allocation attempts when the archive is opened. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue, which underscores the importance of timely updates.
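The bug class described above, as an added illustration that is not NanaZip's code: the function names, the idea that the header size is derived by subtracting a file-supplied offset from the file size, and the 16 MiB cap are all assumptions, chosen to show how an unsigned size calculation wraps and how a range check stops it before any allocation.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical names and layout; NOT taken from NanaZip's parser.
// file_size     : size of the opened file (trusted, from the OS)
// header_offset : offset read from the file itself (untrusted)

// Unchecked pattern: unsigned subtraction wraps around when the untrusted
// offset is larger than the file, yielding a value close to 2^64.
uint64_t header_size_unchecked(uint64_t file_size, uint64_t header_offset) {
    return file_size - header_offset;
}

// Assumed upper bound for a sane header; pick a limit that fits the format.
static const uint64_t kMaxHeaderSize = 16ull * 1024 * 1024;

// Hardened pattern: validate the relation between the operands before
// subtracting, then cap the result before it is used as an allocation size.
bool header_size_checked(uint64_t file_size, uint64_t header_offset,
                         size_t* out_size) {
    if (header_offset > file_size) {
        return false;  // subtraction would underflow: reject the file
    }
    uint64_t size = file_size - header_offset;
    if (size > kMaxHeaderSize) {
        return false;  // in range, but larger than any plausible header
    }
    *out_size = static_cast<size_t>(size);
    return true;
}

int main() {
    // Constructed sample values: offset points 8 bytes past the end of file.
    const uint64_t file_size = 1000, bad_offset = 1008;
    std::printf("unchecked size: %llu\n",
                (unsigned long long)header_size_unchecked(file_size, bad_offset));
    size_t size = 0;
    std::printf("checked accepts: %d\n",
                header_size_checked(file_size, bad_offset, &size) ? 1 : 0);
    return 0;
}
```

The point for reviewers is the order of operations: the comparison must come before the subtraction, and the cap must come before the allocation.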
Affected Version(s)
NanaZip >= 5.0.1252.0, < 6.0.1638.0 < 5.0.1252.0, 6.0.1638.0
NanaZip >= 6.1, < 6.5.1638.0 < 6.1, 6.5.1638.0
