๐Ÿ” CVE Alert

CVE-2026-55782

UNKNOWN 0.0

NanaZip: Unbounded memory allocation (DoS) in NanaZip WebAssembly parser via attacker-controlled section/name length fields

CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
2th

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against the data present in the file. A tiny crafted module can force multi-gigabyte allocations during listing or extraction through NameSize, Information.Size, and std::string or vector allocation paths, causing memory exhaustion or process termination. This issue is fixed in version 6.5.1749.0.

CWE CWE-400 CWE-789
Vendor m2team
Product nanazip
Published Jul 10, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for m2team nanazip

Be the first to know when new unknown vulnerabilities affecting m2team nanazip are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

M2Team / NanaZip
< 6.5.1749.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/M2Team/NanaZip/security/advisories/GHSA-qxhc-2v6p-wm8m github.com: https://github.com/M2Team/NanaZip/commit/1ce90f2d14a984476d0407a835273705607facf2 github.com: https://github.com/M2Team/NanaZip/commit/56aee89037947410dd5e66f3a087e0f290484bae github.com: https://github.com/M2Team/NanaZip/commit/92b12a6e1eb0cf8e88fcc277aa7508ca1ff27db6 github.com: https://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0