CVE-2026-27114
Received Received - Intake
Infinite Loop Vulnerability in NanaZip ROMFS Archive Parser

Publication date: 2026-02-19

Last updated on: 2026-02-26

Assigner: GitHub, Inc.

Description
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27114
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
m2team nanazip From 5.0.1252.0 (inc) to 6.0.1630.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in NanaZip, an open source file archive software. In versions starting from 5.0.1252.0 up to but not including 6.0.1630.0, the ROMFS archive parser can enter an infinite loop due to circular NextOffset chains. This means that when processing certain specially crafted archive files, the parser gets stuck following offsets in a loop without end.

The issue is fixed in version 6.0.1630.0.

Impact Analysis

The infinite loop caused by circular NextOffset chains in the ROMFS archive parser can lead to denial of service conditions. Specifically, the software may become unresponsive or hang when processing maliciously crafted archive files, potentially disrupting normal operations.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, update NanaZip to version 6.0.1630.0 or later, as this version patches the infinite loop issue caused by circular NextOffset chains in the ROMFS archive parser.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27114. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart