What is the CVSS score of CVE-2026-27709?

CVE-2026-27709 has a CVSS 3.1 base score of 6.6 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of .NET are affected by CVE-2026-27709?

Organizations using version 5.0.1252.0 and should be aware of notable risk from CVE-2026-27709, a out-of-bounds read vulnerability rated CVSS 6.6.

Is there a public PoC exploit available for CVE-2026-27709?

Yes, a public proof-of-concept exploit is available for CVE-2026-27709. Prioritise patching immediately. EPSS: 0.0%.

.NET CVE-2026-27709

MEDIUM

Out-of-bounds Read (CWE-125)

2026-02-26 security-advisories@github.com

.NET Denial Of Service Nanazip

6.6

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

6.6 MEDIUM

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 27, 2026 - 17:54 vuln.today

Public exploit code

CVE Published

Feb 26, 2026 - 00:16 nvd

MEDIUM 6.6

DescriptionGitHub Advisory

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s .NET Single File Application parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed RelativePathLength so the parser constructs a std::string from memory beyond HeaderBuffer, leading to crash and potential in-process memory disclosure. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.

AnalysisAI

Out-of-bounds memory read in NanaZip versions 5.0.1252.0 through 6.0.1637.x allows local authenticated attackers to disclose in-process memory or trigger application crashes by crafting malicious .NET Single File Application bundles with malformed manifest headers. Public exploit code exists for this vulnerability, and patches are available in versions 6.0.1638.0 and 6.5.1638.0. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	CVSS 6.6 (MEDIUM). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this flaw, crash and potential in-process memory disclosure.
Remediation	Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems running version 5.0.1252.0 and and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-27709 vulnerability details – vuln.today

Back