CVE-2026-27709
Out-of-Bounds Read in NanaZip .NET Parser Causes Crash, Memory Disclosure
Publication date: 2026-02-26
Last updated on: 2026-02-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| m2team | nanazip | From 5.0.1252.0 (inc) to 6.0.1638.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-27709 is an out-of-bounds read vulnerability in NanaZip's .NET Single-File Application manifest parser. The issue occurs because the parser reads a field called RelativePathLength from untrusted input without properly verifying that the length is within the bounds of the allocated buffer (HeaderBuffer). This allows an attacker to craft a malicious archive with a malformed RelativePathLength value that causes the parser to read memory beyond the intended buffer."}, {'type': 'paragraph', 'content': 'This out-of-bounds read can lead to application crashes and potentially disclose in-process memory contents by interpreting adjacent heap memory as string data. The vulnerability affects NanaZip versions starting from 5.0.1252.0 up to but not including versions 6.0.1638.0 and 6.5.1638.0, where it has been fixed.'}] [1]
How can this vulnerability impact me? :
This vulnerability can cause NanaZip to crash when opening a specially crafted archive, resulting in a Denial of Service (DoS) condition.
Additionally, it may lead to unintended disclosure of in-process memory contents, which could expose sensitive information depending on the environment and what data resides in memory adjacent to the buffer.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests when NanaZip processes a crafted .NET Single File Application bundle with a malformed RelativePathLength field, causing crashes or abnormal behavior during file open operations.
Detection can involve monitoring for application crashes or abnormal behavior when opening archives with NanaZip versions 5.0.1252.0 up to but not including 6.0.1638.0 and 6.5.1638.0.
Since the vulnerability is triggered by opening maliciously crafted files, you can detect attempts by scanning for usage of vulnerable NanaZip versions and monitoring logs for crashes or errors related to archive parsing.
There is no specific command-line detection tool or signature provided, but you can use system monitoring tools to watch for NanaZip crashes or unusual process terminations.
- Check NanaZip version installed: Use commands like `nanazip --version` or check the application properties to confirm if the version is vulnerable.
- Monitor system logs for NanaZip crashes or errors when opening archives.
- Use file integrity monitoring to detect unexpected or suspicious .NET Single File Application bundles being opened.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade NanaZip to a fixed version.
- Update NanaZip to version 6.0.1638.0, 6.5.1638.0, or later, where the vulnerability has been patched.
- Avoid opening untrusted or suspicious .NET Single File Application bundles with vulnerable versions of NanaZip.
- Implement application whitelisting or restrict usage of NanaZip to trusted users to reduce exposure.
- Monitor NanaZip usage and logs for crashes or abnormal behavior that could indicate exploitation attempts.