Skip to main content

NanaZip CVE-2026-55781

| EUVDEUVD-2026-42957 LOW
Uncontrolled Resource Consumption (CWE-400)
2026-07-10 GitHub_M
2.4
CVSS 4.0 · Vendor: GitHub_M

Severity by source

Vendor (GitHub_M) PRIMARY
2.4 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
2.8 LOW

Attacker must deliver file locally (AV:L, PR:L); victim must open it (UI:R); only NanaZip process crashes with no scope change or C/I impact (S:U, C:N, I:N, A:L).

3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 18:01 EUVD
Analysis Generated
Jul 10, 2026 - 17:41 vuln.today

DescriptionCVE.org

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fs_fsize fragment size, allowing attacker-controlled 32-bit fields to flow into indirect-block, directory, and extraction buffer allocations. A tiny crafted UFS image can force multi-gigabyte allocations during open or extraction, causing memory exhaustion or process termination. This issue is fixed in version 6.5.1749.0.

AnalysisAI

Memory exhaustion in NanaZip's UFS/FFS archive handler (all versions prior to 6.5.1749.0) allows a local low-privilege attacker to terminate the NanaZip process by delivering a crafted disk image that a user opens. The root cause is missing upper-bound validation of the fs_fsize fragment size field in the UFS superblock - unlike fs_bsize, which is checked against MINBSIZE, fs_fsize flows unchecked into indirect-block, directory, and extraction buffer allocation calculations, enabling a tiny image file to trigger multi-gigabyte heap allocation requests. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious UFS image with maximum-range fs_fsize field
Delivery
Deliver image to victim via phishing or file share
Exploit
Victim opens image in NanaZip
Execution
Unchecked field drives multi-gigabyte heap allocation
Impact
NanaZip process memory exhausted and terminated

Vulnerability AssessmentAI

Exploitation Exploitation requires a user running NanaZip prior to version 6.5.1749.0 on Windows to open or attempt extraction of a specially crafted UFS or FFS disk image file. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 2.4 (Low) is well-calibrated for this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a minimal UFS disk image - potentially only a few hundred bytes - embedding an `fs_fsize` value near the 32-bit maximum and delivers it to a target via phishing email, malicious download site, or shared network folder. When the victim opens or attempts to extract the image in NanaZip prior to 6.5.1749.0, the handler multiplies the attacker-controlled fragment size into allocation requests, exhausting available process memory and terminating NanaZip without any broader system impact. …
Remediation Upgrade NanaZip to version 6.5.1749.0 or later, which introduces proper validation of the `fs_fsize` fragment size field alongside the existing `fs_bsize` check; the patched release is available at https://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0 and the specific fix can be reviewed at commit 6415b6bff70bc9c486b49cbbc1982724c67f8338. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-27114 HIGH POC
7.5 Feb 19

Nanazip versions up to 6.0.1630.0 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).

CVE-2026-26282 MEDIUM POC
6.6 Feb 19

NanaZip versions 5.0.1252.0 through 6.0.1629.0 contain an out-of-bounds heap read in the .NET Single File bundle parser

CVE-2026-27711 MEDIUM POC
6.6 Feb 26

NanaZip versions 5.0.1252.0 through 6.5.1637.0 contain an out-of-bounds memory access flaw in the UFS file parser that c

CVE-2026-27709 MEDIUM POC
6.6 Feb 26

Out-of-bounds memory read in NanaZip versions 5.0.1252.0 through 6.0.1637.x allows local authenticated attackers to disc

CVE-2026-27014 MEDIUM POC
5.5 Feb 19

NanaZip versions 5.0.1252.0 through 6.0.1629.0 are vulnerable to denial of service through malformed ROMFS archives that

CVE-2026-27710 MEDIUM POC
5.0 Feb 26

NanaZip versions 5.0.1252.0 through 6.5.1637.x contain an integer underflow in the .NET Single File Application parser t

CVE-2026-47223 MEDIUM
5.4 Jun 12

Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser allows unauthenticated remote attac

CVE-2026-47222 MEDIUM
5.4 Jun 12

Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser crashes the application and may lea

CVE-2026-44215 MEDIUM
4.4 May 12

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write e

CVE-2026-42446 MEDIUM
4.4 May 12

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in

CVE-2026-47224 MEDIUM
4.3 Jun 12

Heap out-of-bounds read in NanaZip's inherited 7-Zip LvmHandler component allows an unauthenticated remote attacker to c

CVE-2026-42445 LOW
3.3 May 12

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability ex

Share

CVE-2026-55781 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy