CVE-2026-26282

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1629.9

Description NanaZip, an open source file archive, contains an out-of-bounds heap read in the .NET Single File bundle header parser due to a missing bounds check. Opening a specially crafted file with NanaZip can lead to a crash or the leakage of heap data to the user.

Recommendations Update to NanaZip version 6.0.1630.0 or later.