CVE-2026-26282
NanaZip has DotNet Single file OOB Heap Read
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in `.NET Single File` bundle header parser due to missing bounds check. Opening a crafted file with NanaZip causes a crash or leaks heap data to the user. Version 6.0.1630.0 patches the issue.
| CWE | CWE-126 |
| Vendor | m2team |
| Product | nanazip |
| Published | Feb 19, 2026 |
| Last Updated | Feb 20, 2026 |
Stay Ahead of the Next One
Get instant alerts for m2team nanazip
Be the first to know when new unknown vulnerabilities affecting m2team nanazip are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
M2Team / NanaZip
>= 5.0.1252.0, < 6.0.1630.0