Null Pointer Dereference in NanaZip Affects Archive Handling
CVE-2026-55783

2.4LOW

Key Information:

Vendor

M2team

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-55783?

NanaZip, a modern derivative of 7-Zip designed for Windows, experiences a null pointer dereference vulnerability in its archive extraction functionality. Before version 6.5.1749.0, the application improperly handles scenarios where the Extract function is called with a NULL Indices array. This flaw allows for the potential disruption of service, leading to application crashes when processing WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archive formats. Users are encouraged to update to version 6.5.1749.0 or higher to mitigate this issue.

Affected Version(s)

NanaZip < 6.5.1749.0

References

CVSS V4

Score:
2.4
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.