CVE-2026-27710
Received - Intake
Integer Underflow in NanaZip .NET Parser Causes DoS

Publication date: 2026-02-26

Last updated on: 2026-02-27

Assigner: GitHub, Inc.

Description
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s `.NET Single File Application` parser. A crafted bundle can force an integer underflow in header-size calculation and trigger an unbounded memory allocation attempt during archive open. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-02-26
EPSS evaluated: 2026-06-15
Affected Vendors & Products (1 associated CPE)
Vendor: m2team
Product: nanazip
Version range: from 5.0.1252.0 (inclusive) to 6.0.1638.0 (exclusive)
CWE
CWE-191: The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Executive Summary

CVE-2026-27710 is a denial-of-service (DoS) vulnerability in NanaZip's .NET Single-File Application parser caused by an integer underflow during header-size calculation.

The vulnerability occurs because the parser reads a signed integer value called BundleHeaderOffset from untrusted input without properly validating that it is within the valid range. If this value is negative or larger than the bundle size, subtracting it from the bundle size causes an integer underflow, resulting in a very large unsigned value.

This incorrect size leads NanaZip to attempt to allocate an excessively large amount of memory, which can cause the program to crash or exhaust system memory when opening a crafted file.

The attack requires only local access and low privileges, and is triggered by opening a specially crafted single-file-like binary in NanaZip. [1]
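The underflow described above, as an added illustration that is not NanaZip's code: a hypothetical header-size computation in its unchecked form beside a bounds-checked form. The function names, the 64 MiB cap and the 4096-byte sample bundle are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative stand-ins, not NanaZip's code: bundle_size is the size of the
 * file on disk, header_offset is the signed BundleHeaderOffset read from it. */

/* Vulnerable pattern (CWE-191): the signed offset is cast and subtracted with
 * no range check. A negative offset, or one past the end of the bundle, wraps
 * the unsigned subtraction into a huge "header size" handed to the allocator. */
uint64_t header_size_unchecked(uint64_t bundle_size, int64_t header_offset)
{
    return bundle_size - (uint64_t)header_offset;
}

/* Hardened pattern: validate the offset against [0, bundle_size) before the
 * subtraction, then cap the result so an in-range but hostile value still
 * cannot request an absurd allocation. Returns false for any rejected input. */
#define MAX_HEADER_SIZE (64u * 1024u * 1024u)   /* constructed sanity cap */

bool header_size_checked(uint64_t bundle_size, int64_t header_offset,
                         uint64_t *out_size)
{
    if (header_offset < 0)
        return false;                        /* negative offset: invalid */
    if ((uint64_t)header_offset >= bundle_size)
        return false;                        /* offset at or past end of file */
    uint64_t size = bundle_size - (uint64_t)header_offset;
    if (size > MAX_HEADER_SIZE)
        return false;                        /* refuse an oversized header */
    *out_size = size;
    return true;
}

int main(void)
{
    /* Constructed inputs: a 4096-byte bundle whose offset field points past
     * the end of the file, the shape of input the advisory describes. */
    uint64_t bundle_size = 4096, size = 0;
    int64_t bad_offset = 8192;

    printf("unchecked: %llu bytes requested\n",
           (unsigned long long)header_size_unchecked(bundle_size, bad_offset));
    printf("checked:   %s\n",
           header_size_checked(bundle_size, bad_offset, &size) ? "accepted"
                                                                : "rejected");
    return 0;
}
```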

Impact Analysis

This vulnerability can impact you by causing NanaZip to crash or become unstable due to excessive memory allocation attempts.

The main impact is a loss of availability, as the program may run out of memory or terminate unexpectedly when processing a maliciously crafted archive.

There are no confidentiality or integrity impacts reported for this vulnerability.

Detection Guidance

This vulnerability can be detected by identifying attempts to open crafted .coreclrapphost or single-file-like binaries in NanaZip that trigger abnormal memory allocation or crashes.

A proof-of-concept Python script exists that creates a malicious file with a BundleHeaderOffset larger than the file size, which can be used to test if NanaZip is vulnerable.

Detection on the system can involve monitoring NanaZip process crashes or out-of-memory conditions when opening suspicious archive files.

Since the attack vector is local and triggered by opening a crafted file, commands to detect this vulnerability would focus on verifying the NanaZip version installed and scanning for suspicious files.

  • Check the installed NanaZip version (for example via the installed package list or the application's version information) and compare it with the fixed versions.
  • Monitor NanaZip process crashes or memory usage spikes when opening archives.
  • Use the provided proof-of-concept Python script (from Resource 1) to create a test file and attempt to open it with NanaZip to confirm vulnerability.

Mitigation Strategies

The immediate mitigation step is to upgrade NanaZip to a fixed version.

  • Update NanaZip to version 6.0.1638.0 or later, or 6.5.1638.0 or later, where the vulnerability is patched.
  • Avoid opening untrusted or suspicious .coreclrapphost or single-file-like binaries with NanaZip until the update is applied.
  • Monitor NanaZip for crashes or abnormal memory usage as a temporary detection measure.