M2Team NanaZip up to 5.0.1252.0 recursion

Summaryinfo

A vulnerability identified as problematic has been detected in M2Team NanaZip up to 5.0.1252.0. This issue affects some unknown processing. This manipulation causes recursion. The identification of this vulnerability is CVE-2026-27014. The attack can only be executed locally. There is no exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability has been found in M2Team NanaZip up to 5.0.1252.0 and classified as problematic. Affected by this vulnerability is some unknown functionality. The manipulation with an unknown input leads to a recursion vulnerability. The CWE definition for the vulnerability is CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. As an impact it is known to affect availability. The summary by CVE is:

NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop, and deeply nested directories cause unbounded recursion (stack overflow) in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.

It is possible to read the advisory at github.com. This vulnerability is known as CVE-2026-27014 since 02/17/2026. The exploitation appears to be easy. Attacking locally is a requirement. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 6.0.1630.0 eliminates this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Vendor

• M2Team

Name

• NanaZip

Version

• 5.0.1252

Website

• Product: https://github.com/M2Team/NanaZip/

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion