Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-27710

CVE-2026-27710

MEDIUM5.1

NanaZip .NET Single-File Parser Integer Underflow Leads to Unbounded Allocation (DoS)

Published Feb 25, 2026

Modified 6 days ago

Details

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s .NET Single File Application parser. A crafted bundle can force an integer underflow in header-size calculation and trigger an unbounded memory allocation attempt during archive open. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.

References

https://github.com/M2Team/NanaZip/security/advisories/GHSA-89qw-8p49-32wf

https://www.cve.org/CVERecord?id=CVE-2026-27710

CVSS Analysis

CVSS v4.0

5.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

PassiveUI:P

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

5.1/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedFeb 25, 2026

ModifiedFeb 26, 2026

CVE-2026-27710 | Mondoo Vulnerability Intelligence