๐Ÿ” CVE Alert

CVE-2026-55783

UNKNOWN 0.0

NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passing Indices as NULL and NumItems as 0xFFFFFFFF. This causes a NULL pointer dereference in the standard Test archive or Extract all code path for WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archives, resulting in a process crash. This issue is fixed in version 6.5.1749.0.

CWE CWE-476
Vendor m2team
Product nanazip
Published Jul 10, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for m2team nanazip

Be the first to know when new unknown vulnerabilities affecting m2team nanazip are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

M2Team / NanaZip
< 6.5.1749.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/M2Team/NanaZip/security/advisories/GHSA-q67r-9cfh-xc29 github.com: https://github.com/M2Team/NanaZip/commit/5d74d90b737ac7096e5d944a5a3070c5c6a8f894 github.com: https://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0