CVE-2026-42355

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0

Description An uncontrolled recursion issue exists in the Electron Archive (ASAR) parser. When opening a specially crafted .asar file containing deeply nested JSON in the header, the nlohmann::json::parse function and the GetAllPaths() function recurse without depth limits. This leads to thread stack exhaustion, resulting in a crash of the process.

Recommendations Update to version 6.0.1698.0.