CVE-2026-27114

Summary

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular NextOffset chains cause an infinite loop in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.

Affected Software

VendorProductVersion RangeStatus
M2TeamNanaZip>= 5.0.1252.0, < 6.0.1630.0affected

Weaknesses

  • CWE-835: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References