CVE-2026-27711
Memory Corruption in NanaZip UFS Parser Causes Crash
Publication date: 2026-02-26
Last updated on: 2026-02-27
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| m2team | nanazip | From 5.0.1252.0 (inc) to 6.0.1638.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27711 is a moderate severity memory corruption vulnerability in NanaZip's UFS archive parser, affecting versions from 5.0.1252.0 and prior to 6.0.1638.0 and 6.5.1638.0. It arises from improper validation of directory record lengths in UFS (.ufs/.ufs2/.img) archive files.
Specifically, the parser reads directory entry fields from untrusted data without verifying that the record fits within the remaining buffer, and it does not check that the directory record length is non-zero or within sane bounds before advancing pointers. This allows crafted archive files to trigger out-of-bounds memory access during archive opening or listing.
This out-of-bounds access can cause heap corruption, process crashes, or hangs. The vulnerability is reachable through normal user file-open operations in NanaZip. [1]
How can this vulnerability impact me?
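The bounds checks that the description above says were missing, as an added C example; it is not NanaZip's code or its patch. The 8-byte record header layout (BSD `struct direct`, little-endian), the helper name `walk_dir_block` and the sample blocks are assumptions constructed for illustration, and the name-length check goes one step beyond what the description lists.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed on-disk record header (BSD struct direct, little-endian):
   d_ino (4 bytes), d_reclen (2), d_type (1), d_namlen (1), then d_name. */
#define DIRENT_HDR 8u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical helper: walk one directory block of `size` bytes.
   Returns the number of records, or -1 as soon as a record is malformed. */
int walk_dir_block(const uint8_t *buf, size_t size)
{
    size_t pos = 0;
    int count = 0;
    while (pos < size) {
        size_t remaining = size - pos;
        if (remaining < DIRENT_HDR)
            return -1;                 /* header itself would be read out of bounds */
        uint16_t reclen = rd16(buf + pos + 4);
        uint8_t namlen = buf[pos + 7];
        if (reclen < DIRENT_HDR)
            return -1;                 /* covers reclen == 0, which never advances */
        if (reclen > remaining)
            return -1;                 /* record does not fit in the remaining buffer */
        if ((unsigned)namlen > reclen - DIRENT_HDR)
            return -1;                 /* name would extend past its own record */
        count++;
        pos += reclen;                 /* safe: 8 <= reclen <= remaining */
    }
    return count;
}

/* Constructed sample blocks (not taken from any real archive). */
static const uint8_t good_block[24] = {
    2,0,0,0, 12,0, 4,1, '.',0,0,0,
    2,0,0,0, 12,0, 4,2, '.','.',0,0 };
static const uint8_t zero_len[12] = { 2,0,0,0,  0,0, 4,1, '.',0,0,0 };
static const uint8_t too_long[12] = { 2,0,0,0, 64,0, 4,1, '.',0,0,0 };

int main(void)
{
    printf("good=%d zero=%d long=%d\n",
           walk_dir_block(good_block, sizeof good_block),
           walk_dir_block(zero_len, sizeof zero_len),
           walk_dir_block(too_long, sizeof too_long));
    return 0;
}
```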
This vulnerability can lead to out-of-bounds memory access and heap corruption when opening or listing maliciously crafted UFS archive files in NanaZip.
The immediate impact includes potential denial of service through application crashes or hangs.
Depending on the memory allocator and runtime protections in place, the heap corruption might be exploitable, potentially allowing an attacker to execute arbitrary code or cause further harm.
There is no impact on the confidentiality or integrity of data, but the availability of the application is significantly affected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying whether an affected NanaZip version (from 5.0.1252.0 and prior to 6.0.1638.0 or 6.5.1638.0) is installed and whether it is used to open or list UFS archive files (.ufs, .ufs2, .img).
A practical detection method involves attempting to open or list suspicious or untrusted UFS archive files with the vulnerable NanaZip versions and observing if the application crashes, hangs, or exhibits abnormal behavior.
Additionally, a proof-of-concept Python script exists that generates malformed UFS files with invalid directory record lengths to trigger the vulnerability, which can be used to test if the system is vulnerable.
No specific network commands are applicable since the attack vector is local and requires user interaction to open crafted files.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade NanaZip to a fixed version, specifically version 6.0.1638.0 or later, or version 6.5.1638.0 or later, where this vulnerability has been patched.
Until the upgrade is applied, avoid opening or listing untrusted or suspicious UFS archive files (.ufs, .ufs2, .img) with vulnerable versions of NanaZip to prevent triggering the memory corruption.
Make users aware that they should not open unknown or unverified archive files that could exploit this vulnerability.