CVE-2026-55783 in NanaZip
Summary
by MITRE • 07/10/2026
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passing Indices as NULL and NumItems as 0xFFFFFFFF. This causes a NULL pointer dereference in the standard Test archive or Extract all code path for WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archives, resulting in a process crash. This issue is fixed in version 6.5.1749.0.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 07/10/2026
This vulnerability exists within NanaZip version 6.5.1749.0 and earlier, representing a critical null pointer dereference flaw in the archive extraction engine that affects multiple internal archive handlers. The issue stems from improper handling of caller-supplied indices arrays during the extract operation when the archive engine signals to extract all items by passing Indices as NULL and NumItems as 0xFFFFFFFF. This specific combination triggers an unconditional dereference of the null pointer within the IInArchive handlers, specifically impacting seven in-house archive handlers: NanaZip.Codecs. The vulnerability manifests across several archive formats including WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archives, making it particularly concerning given the wide range of file types that could be affected.
The technical flaw represents a classic null pointer dereference vulnerability that falls under CWE-476, specifically targeting improper handling of null pointers in memory management operations. When the archive extraction engine attempts to process an extract-all operation with NULL indices and maximum item count, the code fails to validate these parameters before attempting to dereference the pointer, leading to immediate process termination. This type of vulnerability typically results in denial of service conditions where legitimate users cannot extract files from affected archives, and the crash occurs at the core extraction logic level rather than in user-facing components.
The operational impact of this vulnerability extends beyond simple denial of service, as it can be exploited by malicious actors to disrupt services or potentially escalate attacks. The flaw affects the standard Test archive functionality and Extract all code paths, which are fundamental operations in archive management systems. Attackers could leverage this issue to cause application crashes during legitimate archive processing, potentially leading to system instability or service interruption. In environments where automated archive processing occurs, such as build servers or file processing pipelines, this vulnerability could result in complete workflow failures. The fact that multiple archive formats are affected increases the attack surface significantly.
Mitigation strategies should focus on immediate patching to version 6.5.1749.0 or later, which contains the necessary fixes for the null pointer dereference issue. Organizations should also implement additional defensive measures including input validation of archive parameters and monitoring for unusual application crash patterns during archive operations. The fix likely involves adding proper null pointer checks before dereferencing the Indices array, ensuring that the code properly handles the special case where Indices is NULL and NumItems equals 0xFFFFFFFF. From an ATT&CK perspective, this vulnerability could be categorized under T1499.004 (Virtualization/Sandbox Evasion) if exploited in sandboxed environments, though primarily it represents a Denial of Service vector that aligns with T1566 (Phishing) or T1059 (Command and Scripting Interpreter) when used in malicious contexts to disrupt legitimate operations.