๐Ÿ” CVE Alert

CVE-2026-55780

UNKNOWN 0.0

NanaZip: Uncaught exception / unbounded allocation in NanaZip .NET single-file Extract() via unvalidated entry Size

CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
2th

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validated against the real file size. A crafted bundle can cause an attacker-chosen allocation inside Extract, where std::bad_alloc or std::length_error can escape across the COM STDMETHODCALLTYPE boundary and crash the process. This issue is fixed in version 6.5.1749.0.

CWE CWE-248 CWE-400
Vendor m2team
Product nanazip
Published Jul 10, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for m2team nanazip

Be the first to know when new unknown vulnerabilities affecting m2team nanazip are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

M2Team / NanaZip
< 6.5.1749.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/M2Team/NanaZip/security/advisories/GHSA-ppm9-5267-rq72 github.com: https://github.com/M2Team/NanaZip/commit/ad62e3b4970b9f01e924c99094d6fed7a42f849a github.com: https://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0