Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
NanaZip ROMFS Archive Parser Infinite Loop
CVE-2026-27114
Summary
NanaZip versions 5.0.1252.0 to 6.0.1629.0 contain a bug that can cause the software to hang or crash when trying to extract archives. This is a critical issue because it can prevent users from accessing their files. To fix this, update to version 6.0.1630.0 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| m2team | nanazip | > 5.0.1252.0 , <= 6.0.1630.0 | – |
Original title
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop in the ROMFS archive parser. Version 6.0....
Original description
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.
nvd CVSS3.1
7.5
nvd CVSS4.0
5.1
Vulnerability type
CWE-835
- https://github.com/M2Team/NanaZip/security/advisories/GHSA-hfg9-6rf9-5pgx Exploit Third Party Advisory
- https://github.com/user-attachments/files/25274528/poc.zip Exploit
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026