CVE-2026-27709 - Vulnerability Analysis
MediumCVSS: 6.6Last Updated: February 27, 2026
NanaZip - Out-of-Bounds Read
Published: February 26, 2026Updated: February 27, 2026PoC Available
Overview
NanaZip <= 5.0.1252.0 and < 6.0.1638.0, 6.5.1638.0 contains an out-of-bounds read vulnerability caused by malformed RelativePathLength in .NET Single File Application manifest parsing, letting attackers cause crash and potential memory disclosure, exploit requires crafted bundle.
Severity & Score
Severity: Medium
CVSS Score: 6.6
Impact
Attackers can cause application crash and potentially disclose in-process memory, leading to information leakage.
Mitigation
Update to versions 6.0.1638.0 or 6.5.1638.0 or later.
Related Resources
Details
- CVE ID
- CVE-2026-27709
- Severity
- Medium
- CVSS Score
- 6.6
- Type
- out_of_bounds_rw
- Status
- confirmed
CWE
- CWE-125
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H