PT-2026-22043 · Nanazip · Nanazip

Ho-9 · Published 2026-02-25 · Updated 2026-02-26 · CVE-2026-27709

CVSS v3.1: 6.6 (Medium)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

NanaZip versions 5.0.1252.0 through 6.0.1637.0 and 6.5.1637.0

Description

NanaZip, an open source file archiver, contains a flaw in its .NET Single File Application parser: an out-of-bounds read during manifest parsing. A specially crafted file can supply a malformed RelativePathLength value, causing the parser to construct a std::string from memory beyond the end of the HeaderBuffer. This can lead to a program crash and potential in-process memory disclosure.

Recommendations

Update to NanaZip version 6.0.1638.0 or 6.5.1638.0.
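
The class of check that prevents this kind of over-read, as an added example that is not NanaZip's code or its actual patch. The function name `ReadRelativePath` and the layout (a 4-byte little-endian length followed by the path bytes) are assumptions made for illustration and do not describe the real manifest format.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Assumed layout for illustration only (not NanaZip's real manifest format):
// a 4-byte little-endian RelativePathLength, then that many path bytes.
// On success the path is stored in `out` and `offset` moves past the entry;
// on failure both are left untouched.
bool ReadRelativePath(const std::vector<std::uint8_t>& header,
                      std::size_t& offset, std::string& out) {
    const std::size_t kPrefix = 4;
    // Compare against the bytes that remain, never against offset + length,
    // so a huge attacker-chosen length cannot wrap the arithmetic.
    if (offset > header.size() || header.size() - offset < kPrefix) return false;
    std::uint32_t length = 0;
    for (std::size_t i = 0; i < kPrefix; ++i)
        length |= static_cast<std::uint32_t>(header[offset + i]) << (8 * i);
    const std::size_t remaining = header.size() - offset - kPrefix;
    if (length > remaining) return false;  // declared length exceeds the buffer
    const std::uint8_t* first = header.data() + offset + kPrefix;
    out.assign(first, first + length);
    offset += kPrefix + length;
    return true;
}

int main() {
    // Constructed sample: one valid entry "a/b", then an entry whose declared
    // length (0x7FFFFFFF) is far larger than the single byte that follows.
    const std::vector<std::uint8_t> header = {
        3, 0, 0, 0, 'a', '/', 'b',
        0xFF, 0xFF, 0xFF, 0x7F, 'x'};
    std::size_t offset = 0;
    std::string path;
    while (ReadRelativePath(header, offset, path))
        std::cout << "entry: " << path << "\n";
    if (offset != header.size())
        std::cout << "rejected malformed entry at offset " << offset << "\n";
    return 0;
}
```
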

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-27709
GHSA-VR4W-XC78-W6FV

Affected Products

Nanazip