{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27709", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-23T17:56:51.203Z", "datePublished": "2026-02-25T23:39:03.772Z", "dateUpdated": "2026-02-26T15:49:04.311Z"}, "containers": {"cna": {"title": "NanaZip .NET Single-File Manifest Parser Vulnerable to Out-of-Bounds Read via Unchecked RelativePathLength", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-vr4w-xc78-w6fv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-vr4w-xc78-w6fv"}], "affected": [{"vendor": "M2Team", "product": "NanaZip", "versions": [{"version": ">= 5.0.1252.0, < 6.0.1638.0", "status": "affected"}, {"version": ">= 6.1, < 6.5.1638.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T23:39:03.772Z"}, "descriptions": [{"lang": "en", "value": "NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip\u2019s `.NET Single File Application` parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed `RelativePathLength` so the parser constructs a `std::string` from memory beyond `HeaderBuffer`, leading to crash and potential in-process memory disclosure. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue."}], "source": {"advisory": "GHSA-vr4w-xc78-w6fv", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-vr4w-xc78-w6fv", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T15:48:59.155515Z", "id": "CVE-2026-27709", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:49:04.311Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "NanaZip .NET Single-File Manifest Parser Vulnerable to Out-of-Bounds Read via Unchecked RelativePathLength", "source": {"advisory": "GHSA-vr4w-xc78-w6fv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "M2Team", "product": "NanaZip", "versions": [{"status": "affected", "version": ">= 5.0.1252.0, < 6.0.1638.0"}, {"status": "affected", "version": ">= 6.1, < 6.5.1638.0"}]}], "references": [{"url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-vr4w-xc78-w6fv", "name": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-vr4w-xc78-w6fv", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip\u2019s `.NET Single File Application` parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed `RelativePathLength` so the parser constructs a `std::string` from memory beyond `HeaderBuffer`, leading to crash and potential in-process memory disclosure. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T23:39:03.772Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27709", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T15:48:59.155515Z"}}}], "references": [{"url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-vr4w-xc78-w6fv", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-02-26T15:48:53.216Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-27709", "state": "PUBLISHED", "dateUpdated": "2026-02-25T23:39:03.772Z", "dateReserved": "2026-02-23T17:56:51.203Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-25T23:39:03.772Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:m2team:nanazip:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FBBB6F3-97EF-461D-A68D-980227F4E432", "versionEndExcluding": "6.0.1638.0", "versionStartIncluding": "5.0.1252.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip\u2019s `.NET Single File Application` parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed `RelativePathLength` so the parser constructs a `std::string` from memory beyond `HeaderBuffer`, leading to crash and potential in-process memory disclosure. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue."}, {"lang": "es", "value": "NanaZip es un archivador de archivos de c\u00f3digo abierto. A partir de la versi\u00f3n 5.0.1252.0 y anteriores a las versiones 6.0.1638.0 y 6.5.1638.0, el analizador de 'Aplicaci\u00f3n de Archivo \u00danico .NET' de NanaZip tiene una vulnerabilidad de lectura fuera de l\u00edmites en el an\u00e1lisis del manifiesto. Un paquete manipulado puede proporcionar una 'RelativePathLength' malformada de modo que el analizador construye un 'std::string' a partir de memoria m\u00e1s all\u00e1 de 'HeaderBuffer', lo que lleva a un fallo y a una posible divulgaci\u00f3n de memoria en proceso. Las versiones 6.0.1638.0 y 6.5.1638.0 solucionan el problema."}], "id": "CVE-2026-27709", "lastModified": "2026-02-27T17:54:12.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-26T00:16:24.490", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-vr4w-xc78-w6fv"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-vr4w-xc78-w6fv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[5.0.1252.0,6.0.1638.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.1,6.5.1638.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "NanaZip", "source": "cna", "vendor": "M2Team"}, "product": "nanazip", "vendor": "m2team"}], "analysis": {"en": {"generated_at": "2026-04-17T14:42:02.685930+00:00", "value": {"mitigation_remediation": ["Upgrade NanaZip to version 6.0.1638.0 or later to apply the parser fix.", "If an upgrade is not immediately possible, restrict the use of NanaZip to trusted archives and deny the application access to untrusted files.", "Run NanaZip in a sandboxed or isolated environment to contain any potential memory disclosure and to detect crashes promptly."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected vendor is M2Team, product NanaZip. The issue exists in all releases from 5.0.1252.0 up to, but not including, 6.0.1638.0 and 6.5.1638.0. Versions 6.0.1638.0 and 6.5.1638.0 contain the fix for the parser vulnerability.", "description_and_impact": "The vulnerability is an out-of-bounds read that occurs when the .NET Single\u2011File Application parser in NanaZip constructs a string from memory beyond the header buffer. A malformed RelativePathLength field in a crafted archive causes the parser to read arbitrary memory, which can lead to a memory disclosure or a crash. The weakness is a missing boundary check (CWE\u2011125).", "risk_and_exploitability": "The CVSS score of 5.1 indicates moderate severity. The EPSS score is less than 1%, suggesting a low probability of real\u2011world exploitation at this time. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation would require delivery of a malicious archive that contains an invalid RelativePathLength; the attack is inferred to be local or remote depending on how the archive is supplied to the application, but no remote code execution is possible from the information provided."}}}}, "created": "2026-02-26T13:10:33.591637+00:00", "updated": "2026-04-17T14:45:21.037731+00:00", "vendors": ["m2team", "m2team$PRODUCT$nanazip"]}