CVE-2026-27114

UNKNOWN 0.0

NanaZip has ROMFS Archive Infinite Loop

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.

CWE	CWE-835
Vendor	m2team
Product	nanazip
Published	Feb 19, 2026
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for m2team nanazip

Be the first to know when new unknown vulnerabilities affecting m2team nanazip are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

M2Team / NanaZip

>= 5.0.1252.0, < 6.0.1630.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/M2Team/NanaZip/security/advisories/GHSA-hfg9-6rf9-5pgx github.com: https://github.com/user-attachments/files/25274528/poc.zip