CVE-2026-27711

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-27711
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip’s UFS parser allows a crafted `.ufs/.ufs2/.img` file to trigger out-of-bounds memory access during archive open/listing. The bug is reachable via normal user file-open flow and can cause process crash, hang, and potentially exploitable heap corruption. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.

6.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c Exploit Vendor Advisory
https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:m2team:nanazip:*:*:*:*:*:*:*:*
History

27 Feb 2026, 17:51

Type Values Removed Values Added
CPE cpe:2.3:a:m2team:nanazip:*:*:*:*:*:*:*:*
References () https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c - () https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c - Exploit, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.6
First Time M2team
M2team nanazip

27 Feb 2026, 14:06

Type Values Removed Values Added
Summary
  • (es) NanaZip es un archivador de archivos de código abierto. A partir de la versión 5.0.1252.0 y antes de las versiones 6.0.1638.0 y 6.5.1638.0, una vulnerabilidad de corrupción de memoria en el analizador UFS de NanaZip permite que un archivo '.ufs/.ufs2/.img' manipulado active un acceso a memoria fuera de límites durante la apertura/listado del archivo. El error es accesible a través del flujo normal de apertura de archivos por parte del usuario y puede causar el bloqueo del proceso, el cuelgue y una corrupción de pila potencialmente explotable. Las versiones 6.0.1638.0 y 6.5.1638.0 solucionan el problema.

26 Feb 2026, 16:24

Type Values Removed Values Added
References () https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c - () https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c -

26 Feb 2026, 00:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-26 00:16

Updated : 2026-02-27 17:51

NVD link : CVE-2026-27711

Mitre link : CVE-2026-27711

CVE.ORG link : CVE-2026-27711

JSON object : View

Products Affected

m2team

  • nanazip
CWE
CWE-125

Out-of-bounds Read