Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
NanaZip: Infinite Loop and Crash Risk in File Archive Parsing
CVE-2026-27014
Summary
NanaZip, an open source file archive tool, has a bug in versions 5.0.1252.0 to 6.0.1630.0 that can cause it to loop endlessly or crash if it encounters a specific type of file structure. This can happen when trying to open or extract files from archives that have a particular kind of directory structure. Update to version 6.0.1630.0 or later to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| m2team | nanazip | > 5.0.1252.0 , <= 6.0.1630.0 | – |
Original title
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop, and deeply nested directories cause unbou...
Original description
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop, and deeply nested directories cause unbounded recursion (stack overflow) in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.
nvd CVSS3.1
5.5
nvd CVSS4.0
5.1
Vulnerability type
CWE-674
- https://github.com/M2Team/NanaZip/security/advisories/GHSA-fc89-3f57-h9q5 Exploit Third Party Advisory
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026