{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27711", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-23T17:56:51.203Z", "datePublished": "2026-02-25T23:44:26.848Z", "dateUpdated": "2026-02-26T15:07:47.597Z"}, "containers": {"cna": {"title": "NanaZip UFS Archive Parser Memory Corruption via Unvalidated Directory Record Length", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c"}], "affected": [{"vendor": "M2Team", "product": "NanaZip", "versions": [{"version": ">= 5.0.1252.0, < 6.0.1638.0", "status": "affected"}, {"version": ">= 6.1, < 6.5.1638.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T23:44:26.848Z"}, "descriptions": [{"lang": "en", "value": "NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip\u2019s UFS parser allows a crafted `.ufs/.ufs2/.img` file to trigger out-of-bounds memory access during archive open/listing. The bug is reachable via normal user file-open flow and can cause process crash, hang, and potentially exploitable heap corruption. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue."}], "source": {"advisory": "GHSA-rjwv-4w7x-hc9c", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T15:07:42.687682Z", "id": "CVE-2026-27711", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:07:47.597Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27711", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T15:07:42.687682Z"}}}], "references": [{"url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:07:35.012Z"}}], "cna": {"title": "NanaZip UFS Archive Parser Memory Corruption via Unvalidated Directory Record Length", "source": {"advisory": "GHSA-rjwv-4w7x-hc9c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "M2Team", "product": "NanaZip", "versions": [{"status": "affected", "version": ">= 5.0.1252.0, < 6.0.1638.0"}, {"status": "affected", "version": ">= 6.1, < 6.5.1638.0"}]}], "references": [{"url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c", "name": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip\u2019s UFS parser allows a crafted `.ufs/.ufs2/.img` file to trigger out-of-bounds memory access during archive open/listing. The bug is reachable via normal user file-open flow and can cause process crash, hang, and potentially exploitable heap corruption. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T23:44:26.848Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27711", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:07:47.597Z", "dateReserved": "2026-02-23T17:56:51.203Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-25T23:44:26.848Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:m2team:nanazip:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FBBB6F3-97EF-461D-A68D-980227F4E432", "versionEndExcluding": "6.0.1638.0", "versionStartIncluding": "5.0.1252.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip\u2019s UFS parser allows a crafted `.ufs/.ufs2/.img` file to trigger out-of-bounds memory access during archive open/listing. The bug is reachable via normal user file-open flow and can cause process crash, hang, and potentially exploitable heap corruption. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue."}, {"lang": "es", "value": "NanaZip es un archivador de archivos de c\u00f3digo abierto. A partir de la versi\u00f3n 5.0.1252.0 y antes de las versiones 6.0.1638.0 y 6.5.1638.0, una vulnerabilidad de corrupci\u00f3n de memoria en el analizador UFS de NanaZip permite que un archivo '.ufs/.ufs2/.img' manipulado active un acceso a memoria fuera de l\u00edmites durante la apertura/listado del archivo. El error es accesible a trav\u00e9s del flujo normal de apertura de archivos por parte del usuario y puede causar el bloqueo del proceso, el cuelgue y una corrupci\u00f3n de pila potencialmente explotable. Las versiones 6.0.1638.0 y 6.5.1638.0 solucionan el problema."}], "id": "CVE-2026-27711", "lastModified": "2026-02-27T17:51:29.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-26T00:16:24.843", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/M2Team/NanaZip/security/advisories/GHSA-rjwv-4w7x-hc9c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[5.0.1252.0,6.0.1638.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.1,6.5.1638.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "NanaZip", "source": "cna", "vendor": "M2Team"}, "product": "nanazip", "vendor": "m2team"}], "analysis": {"en": {"generated_at": "2026-04-17T14:41:21.621650+00:00", "value": {"mitigation_remediation": ["Upgrade NanaZip to version 6.0.1638.0 or later (e.g., 6.5.1638.0), which contains the parser fix.", "Until the upgrade can be deployed, isolate or quarantine untrusted archives and avoid opening .ufs/.ufs2/.img files from unknown sources.", "Monitor the application for crash or abnormal termination events; if such events occur, investigate for potential heap corruption anomalies and apply additional runtime protections such as ASLR and stack canaries as a temporary defense."], "summary": {"action": "Apply patch", "impact": "Out-of-bounds memory corruption in NanaZip's UFS parser"}, "threat_synthesis": {"affected_systems": "This flaw affects NanaZip applications distributed by M2Team. Specifically, all releases starting at version 5.0.1252.0 up to, but not including, 6.0.1638.0 and 6.5.1638.0 are vulnerable.", "description_and_impact": "NanaZip uses a UFS parser to process .ufs/.ufs2/.img files. In versions 5.0.1252.0 through earlier 6.x releases, a defect in the parser lifts a directory record length without validation. When opening a crafted archive, the parser reads or writes beyond the intended bounds. The resulting memory corruption can cause the application to crash or hang, and the nature of heap corruption suggests that a malicious actor could potentially achieve arbitrary code execution if the vulnerability is reliably exploitable. This type of flaw is classified as an out-of-bounds memory access (CWE-125).", "risk_and_exploitability": "The CVSS v3.1 base score is 5.1, indicating a medium severity. The Exploit Prediction Scoring System assigns the exploit probability to less than 1\u202f%, implying that, even if the vulnerability is known, successful exploitation is unlikely at this time. The issue is not listed in the CISA KEV catalog. Because the exploit requires a crafted archive file to be opened by a user, the attack vector can be inferred as local; an attacker would need to deliver or persuade a local user to open the malicious file. If exploited, consequences include application crash, potential denial of service, and, in the worst case, arbitrary code execution due to heap corruption."}}}}, "created": "2026-02-26T13:10:31.806492+00:00", "updated": "2026-04-17T14:45:21.036866+00:00", "vendors": ["m2team", "m2team$PRODUCT$nanazip"]}