CVE-2026-42446

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0

Description A stack-based out-of-bounds read exists in the ZealFS filesystem image parser. This occurs when opening a specially crafted ZealFS v1 filesystem image, where an attacker-controlled BitmapSize field in the file header triggers an unbounded loop that reads past the end of a stack-allocated ZEALFS V1 HEADER structure.

Recommendations Update to version 6.0.1698.0.