
NanaZip EUVD-2026-36506 | CVE-2026-47222
Severity: MEDIUM (CVSS 3.1 base score 5.4)
Weakness: Out-of-bounds Read (CWE-125)
Published: 2026-06-12
Vendor: GitHub_M

Severity by source

Vendor (GitHub_M), primary: 5.4 MEDIUM
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
vuln.today AI: 5.4 MEDIUM

File delivered over network (AV:N), no crafting complexity (AC:L), no privileges needed (PR:N), but user must open file (UI:R); heap overread yields limited confidentiality exposure (C:L) and deterministic crash (A:L) with no integrity impact.

CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS Vector (Vendor: GitHub_M)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: Low

Lifecycle Timeline (3 events)

Patch available: Jun 12, 2026 - 18:01 (EUVD)
Analysis generated: Jun 12, 2026 - 17:36 (vuln.today)
CVE published: Jun 12, 2026 - 16:56 (cve.org)

Description (CVE.org)

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Zip AvbHandler). An unsigned integer underflow in a bounds check allows an attacker-controlled value_num_bytes field to pass validation, causing AddNameToString to read up to ~4 GiB past the end of a 64 KiB heap buffer. This causes a deterministic crash (denial of service) when opening a crafted .avb or .img file. This issue has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.
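The bug class the description names, an unsigned subtraction in a length check that wraps around so an oversized value_num_bytes passes, is shown below as an added example. It is not 7-Zip's or NanaZip's code: the property descriptor layout, the 64-byte descriptor length, and the function names prop_fits_vulnerable, prop_fits_hardened, copy_value and demo_copy are all assumptions made for illustration. The wrapping form of the check sits beside a form that compares without subtracting, and the copy routine only proceeds when the safe check accepts the lengths.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a vbmeta-style property descriptor header.
 * The field names echo the advisory; the layout itself is hypothetical. */
typedef struct {
    uint64_t key_num_bytes;
    uint64_t value_num_bytes;
} prop_desc_t;

/* Fixed header size preceding the key and value bytes (assumption). */
#define PROP_HDR_SIZE ((uint64_t)(2 * sizeof(uint64_t)))

/* Constructed descriptor length used by the demo below. */
#define DEMO_DESC_LEN 64u

/* Wrapping form (illustrative): if key_num_bytes exceeds what remains after
 * the header, the subtraction underflows to a huge value and any
 * value_num_bytes compares as "fitting", so a later read runs off the buffer. */
bool prop_fits_vulnerable(const prop_desc_t *d, uint64_t desc_len)
{
    uint64_t room_for_value = desc_len - PROP_HDR_SIZE - d->key_num_bytes; /* may wrap */
    return d->value_num_bytes <= room_for_value;
}

/* Hardened form: never subtract an untrusted length from a trusted one
 * before checking that the subtraction cannot wrap. */
bool prop_fits_hardened(const prop_desc_t *d, uint64_t desc_len)
{
    if (desc_len < PROP_HDR_SIZE)
        return false;
    uint64_t avail = desc_len - PROP_HDR_SIZE;      /* cannot wrap: checked above */
    if (d->key_num_bytes > avail)
        return false;
    if (d->value_num_bytes > avail - d->key_num_bytes) /* cannot wrap: checked above */
        return false;
    return true;
}

/* Reads the two counts from a raw descriptor and copies the value bytes into
 * out only when the hardened check passes. Returns bytes copied, 0 on rejection. */
size_t copy_value(const uint8_t *desc, uint64_t desc_len,
                  uint8_t *out, size_t out_cap)
{
    if (desc_len < PROP_HDR_SIZE)
        return 0;
    prop_desc_t d;
    memcpy(&d.key_num_bytes, desc, sizeof d.key_num_bytes);
    memcpy(&d.value_num_bytes, desc + 8, sizeof d.value_num_bytes);
    if (!prop_fits_hardened(&d, desc_len))
        return 0;
    if (d.value_num_bytes > out_cap)               /* destination bound, checked separately */
        return 0;
    memcpy(out, desc + PROP_HDR_SIZE + d.key_num_bytes, (size_t)d.value_num_bytes);
    return (size_t)d.value_num_bytes;
}

/* Builds a constructed 64-byte descriptor carrying the given counts and
 * runs it through copy_value with a 32-byte destination. */
size_t demo_copy(uint64_t key_num_bytes, uint64_t value_num_bytes)
{
    uint8_t desc[DEMO_DESC_LEN];
    uint8_t out[32];
    memset(desc, 0xAB, sizeof desc);                /* filler payload bytes */
    memcpy(desc, &key_num_bytes, sizeof key_num_bytes);
    memcpy(desc + 8, &value_num_bytes, sizeof value_num_bytes);
    return copy_value(desc, sizeof desc, out, sizeof out);
}

int main(void)
{
    /* Malformed counts: key_num_bytes larger than the whole descriptor. */
    prop_desc_t bad = { .key_num_bytes = 100, .value_num_bytes = 1000 };
    prop_desc_t ok  = { .key_num_bytes = 4,   .value_num_bytes = 8 };
    printf("vulnerable check, malformed: %s\n", prop_fits_vulnerable(&bad, DEMO_DESC_LEN) ? "accepted" : "rejected");
    printf("hardened check,   malformed: %s\n", prop_fits_hardened(&bad, DEMO_DESC_LEN) ? "accepted" : "rejected");
    printf("hardened check,  well-formed: %s\n", prop_fits_hardened(&ok, DEMO_DESC_LEN) ? "accepted" : "rejected");
    printf("copy_value well-formed: %zu bytes\n", demo_copy(4, 8));
    printf("copy_value malformed:   %zu bytes\n", demo_copy(100, 1000));
    return 0;
}
```

The point to take from the two checks is the ordering: every subtraction in prop_fits_hardened is preceded by the comparison that guarantees it cannot wrap, whereas the wrapping form trusts the attacker-controlled count before it has been compared to anything. A unit test that feeds a count larger than the enclosing descriptor, as demo_copy does, is the cheapest regression check for this class of bug.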

Analysis (AI)

Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser crashes the application and may leak heap memory contents when a victim opens a crafted .avb or .img file. Affected versions span 3.0.1000.0 through any release before 6.0.1698.0, covering a wide install base of Windows users. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Craft malicious .avb/.img with underflowing value_num_bytes
Delivery: Deliver file to victim via email or download
Exploit: Victim opens file in NanaZip
Execution: AvbHandler bounds check bypassed via unsigned underflow
Persist: AddNameToString reads ~4 GiB past 64 KiB heap buffer
Impact: Process crash (DoS) with potential incidental heap data exposure

Vulnerability Assessment (AI)

Exploitation: The victim must actively open a crafted .avb or .img file using a vulnerable NanaZip installation (versions 3.0.1000.0 through pre-6.0.1698.0) on Windows. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The provided CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L, score 5.4) accurately reflects the attack profile: network-deliverable file, low crafting complexity, no authentication required, but requires user interaction to open the file. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker crafts a malicious .avb or .img file with a value_num_bytes field set to a value that triggers unsigned integer underflow in the bounds check. The file is delivered via email attachment, file-sharing link, or embedded in an archive. …

Remediation: Upgrade NanaZip to stable version 6.0.1698.0 or preview version 6.5.1742.0, both of which contain the patch per the vendor advisory at https://github.com/M2Team/NanaZip/security/advisories/GHSA-mqqj-crf3-6q37. … Detailed patch versions, workarounds, and compensating controls in full report.


EUVD-2026-36506 vulnerability details – vuln.today
