Memory Exhaustion Vulnerability in NanaZip by M2Team
CVE-2026-55782

2.4LOW

Key Information:

Vendor

M2team

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-55782?

NanaZip, a modern derivative of 7-Zip, has a vulnerability in its WebAssembly archive handler. In versions prior to 6.5.1749.0, it allocates buffers based on unchecked attacker-controlled data, which can lead to excessive memory allocation and process termination. Malicious users can exploit this flaw by crafting specific modules to trigger multi-gigabyte buffer allocations during file listing or extraction. This can result in memory exhaustion, disrupting normal operations. The issue has been addressed in version 6.5.1749.0, enhancing the application's robustness.

Affected Version(s)

NanaZip < 6.5.1749.0

References

CVSS V4

Score:
2.4
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.