Memory Corruption Vulnerability in NanaZip File Archive Software
CVE-2026-27711

5.1 MEDIUM

Key Information:

Vendor: M2team

Status
Vendor
CVE Published: 25 February 2026

What is CVE-2026-27711?

NanaZip, an open-source file archiving tool, contains a memory corruption vulnerability in its UFS parser. The flaw affects versions starting from 5.0.1252.0 and earlier than 6.0.1638.0 and 6.5.1638.0. A crafted '.ufs', '.ufs2', or '.img' file can trigger out-of-bounds memory access during file operations such as opening or listing archives. The vulnerable code is reachable through standard user interactions, and the result can be a crash, a hang, or potentially exploitable heap corruption. Users are advised to upgrade to version 6.0.1638.0 or 6.5.1638.0 to mitigate these risks.

Affected Version(s)

NanaZip >= 5.0.1252.0, < 6.0.1638.0 < 5.0.1252.0, 6.0.1638.0

NanaZip >= 6.1, < 6.5.1638.0 < 6.1, 6.5.1638.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
