CVE-2026-27114 PUBLISHED

NanaZip has ROMFS Archive Infinite Loop

Assigner: GitHub_M
Reserved: 17.02.2026 Published: 19.02.2026 Updated: 19.02.2026

NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular NextOffset chains cause an infinite loop in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 5.1

Product Status

Vendor M2Team
Product NanaZip
Versions
  • Version >= 5.0.1252.0, < 6.0.1630.0 is affected

References

Problem Types

  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') CWE