Heap Buffer Overflow in NanaZip Affects 7-Zip Derivative for Windows
CVE-2026-47224

4.3MEDIUM

Key Information:

Vendor

M2team

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-47224?

A heap buffer overflow vulnerability exists in NanaZip, a modern 7-Zip derivative designed for Windows. This issue arises from the LVM2 physical-volume metadata parser, which can be exploited by opening a specially crafted LVM disk image. Users running NanaZip versions between 3.0.1000.0 and preceding 6.0.1698.0 are affected. The problem has been addressed in the stable release 6.0.1698.0 and the preview release 6.5.1742.0. It is essential for users to update their software to mitigate potential risks.

Affected Version(s)

NanaZip >= 3.0.1000.0, < 6.0.1698.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.