CVE-2026-27711 - Vulnerability Analysis
MediumCVSS: 6.6Last Updated: February 27, 2026
NanaZip - Memory Corruption
Published: February 26, 2026Updated: February 27, 2026PoC Available
Overview
NanaZip 5.0.1252.0 to before 6.0.1638.0 and 6.5.1638.0 contains a memory corruption vulnerability caused by out-of-bounds memory access in the UFS parser when opening crafted .ufs/.ufs2/.img files, letting attackers cause process crash or heap corruption, exploit requires user to open a crafted archive file.
Severity & Score
Severity: Medium
CVSS Score: 6.6
Impact
Attackers can cause process crash, hang, or potentially execute arbitrary code via heap corruption.
Mitigation
Update to version 6.0.1638.0 or 6.5.1638.0 or later.
Related Resources
Details
- CVE ID
- CVE-2026-27711
- Severity
- Medium
- CVSS Score
- 6.6
- Type
- out_of_bounds_rw
- Status
- confirmed
CWE
- CWE-125
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H