Skip to main content

NanaZip CVE-2026-55780

| EUVDEUVD-2026-42956 LOW
Uncaught Exception (CWE-248)
2026-07-10 GitHub_M
2.4
CVSS 4.0 · Vendor: GitHub_M

Severity by source

Vendor (GitHub_M) PRIMARY
2.4 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.3 LOW

Attacker needs no privileges to craft the file; local vector and required user interaction (opening the file) limit reach; impact is availability only.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 18:01 EUVD
Analysis Generated
Jul 10, 2026 - 17:40 vuln.today

DescriptionCVE.org

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validated against the real file size. A crafted bundle can cause an attacker-chosen allocation inside Extract, where std::bad_alloc or std::length_error can escape across the COM STDMETHODCALLTYPE boundary and crash the process. This issue is fixed in version 6.5.1749.0.

AnalysisAI

Process crash via uncaught C++ exception in NanaZip's .NET single-file bundle handler affects all versions prior to 6.5.1749.0 on Windows. The extraction buffer is sized from the bundle entry's Size field, which is validated only for sign - not against the actual file content - allowing a crafted archive to trigger an attacker-controlled allocation whose resulting std::bad_alloc or std::length_error propagates across the COM STDMETHODCALLTYPE ABI boundary and terminates the NanaZip process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Craft malicious .NET single-file bundle with oversized Size field
Delivery
Deliver crafted file to target via email or web
Exploit
Victim opens file with NanaZip
Install
DotNetSingleFile codec reads unvalidated Size field
C2
Heap allocation fails, std::bad_alloc or std::length_error thrown
Execute
Uncaught exception escapes COM STDMETHODCALLTYPE boundary
Impact
NanaZip process crashes

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) the victim has NanaZip prior to 6.5.1749.0 installed on Windows; (2) the victim opens a crafted .NET single-file bundle (a specific archive format) using NanaZip, providing the DotNetSingleFile codec code path; (3) passive user interaction (UI:P) - the victim must initiate the file open action. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 2.4 (AV:L/AC:L/AT:N/PR:L/UI:P/VA:L) accurately reflects the constrained real-world impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a .NET single-file bundle with a bundle entry Size field set to a value far exceeding available memory or std::vector's max_size, then delivers it to a target via email attachment, download link, or shared drive. When the victim opens the file in a vulnerable NanaZip version, the DotNetSingleFile codec attempts to allocate the attacker-specified buffer, a C++ exception propagates across the COM boundary, and NanaZip crashes. …
Remediation Upgrade NanaZip to version 6.5.1749.0 or later, which contains the vendor-released patch (https://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0; fix commit https://github.com/M2Team/NanaZip/commit/ad62e3b4970b9f01e924c99094d6fed7a42f849a). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-27114 HIGH POC
7.5 Feb 19

Nanazip versions up to 6.0.1630.0 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).

CVE-2026-26282 MEDIUM POC
6.6 Feb 19

NanaZip versions 5.0.1252.0 through 6.0.1629.0 contain an out-of-bounds heap read in the .NET Single File bundle parser

CVE-2026-27711 MEDIUM POC
6.6 Feb 26

NanaZip versions 5.0.1252.0 through 6.5.1637.0 contain an out-of-bounds memory access flaw in the UFS file parser that c

CVE-2026-27709 MEDIUM POC
6.6 Feb 26

Out-of-bounds memory read in NanaZip versions 5.0.1252.0 through 6.0.1637.x allows local authenticated attackers to disc

CVE-2026-27014 MEDIUM POC
5.5 Feb 19

NanaZip versions 5.0.1252.0 through 6.0.1629.0 are vulnerable to denial of service through malformed ROMFS archives that

CVE-2026-27710 MEDIUM POC
5.0 Feb 26

NanaZip versions 5.0.1252.0 through 6.5.1637.x contain an integer underflow in the .NET Single File Application parser t

CVE-2026-47223 MEDIUM
5.4 Jun 12

Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser allows unauthenticated remote attac

CVE-2026-47222 MEDIUM
5.4 Jun 12

Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser crashes the application and may lea

CVE-2026-44215 MEDIUM
4.4 May 12

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write e

CVE-2026-42446 MEDIUM
4.4 May 12

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in

CVE-2026-47224 MEDIUM
4.3 Jun 12

Heap out-of-bounds read in NanaZip's inherited 7-Zip LvmHandler component allows an unauthenticated remote attacker to c

CVE-2026-42445 LOW
3.3 May 12

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability ex

Share

CVE-2026-55780 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy