CVE-2026-27710

MEDIUM
2026-02-26 [email protected]
5.0
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Feb 27, 2026 - 17:53 vuln.today
Public exploit code
CVE Published
Feb 26, 2026 - 00:16 nvd
MEDIUM 5.0

Tags

Dotnet Integer Overflow Nanazip

Description

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s `.NET Single File Application` parser. A crafted bundle can force an integer underflow in header-size calculation and trigger an unbounded memory allocation attempt during archive open. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.

Analysis

NanaZip versions 5.0.1252.0 through 6.5.1637.x contain an integer underflow in the .NET Single File Application parser that allows local attackers with user privileges to cause denial of service through unbounded memory allocation when opening a specially crafted archive file. Public exploit code exists for this vulnerability. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 30 days: Identify affected systems running version 5.0.1252.0 and and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

45
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +25
POC: +20

Share

CVE-2026-27710 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy