Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.2
NanaZip Crashes or Leaks Sensitive Data When Opening Malicious Files
CVE-2026-26282
Summary
NanaZip, an open-source file archive software, has a bug that causes it to crash or leak sensitive information when opening specially crafted files. This bug affects versions of NanaZip released before 6.0.1630.0. To fix this issue, update to version 6.0.1630.0 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| m2team | nanazip | > 5.0.1252.0 , <= 6.0.1630.0 | – |
Original title
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in `.NET Single File` bundle header parser due to missi...
Original description
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in `.NET Single File` bundle header parser due to missing bounds check. Opening a crafted file with NanaZip causes a crash or leaks heap data to the user. Version 6.0.1630.0 patches the issue.
nvd CVSS3.1
6.6
nvd CVSS4.0
5.2
Vulnerability type
CWE-126
CWE-125
Out-of-bounds Read
- https://github.com/M2Team/NanaZip/security/advisories/GHSA-ccpc-2222-xv5c Exploit Third Party Advisory
- https://github.com/user-attachments/files/25274143/poc.exe.zip Exploit
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026