CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42445

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS image with a deep directory tree or an inode cycle causes stack exhaustion, crashing the NanaZip process. This vulnerability is fixed in 6.0.1698.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.7%

CVSS Severity

CVSS v3 Score 3.3

References

https://github.com/M2Team/NanaZip/security/advisories/GHSA-jpf5-j78p-cp3x

Products affected by CVE-2026-42445

M2team » Nanazip » Version: 5.0.1252.0

cpe:2.3:a:m2team:nanazip:5.0.1252.0
M2team » Nanazip » Version: 5.0.1263.0

cpe:2.3:a:m2team:nanazip:5.0.1263.0
M2team » Nanazip » Version: 5.1.1252.0

cpe:2.3:a:m2team:nanazip:5.1.1252.0
M2team » Nanazip » Version: 5.1.1263.0

cpe:2.3:a:m2team:nanazip:5.1.1263.0
M2team » Nanazip » Version: 6.0.1461.0

cpe:2.3:a:m2team:nanazip:6.0.1461.0
M2team » Nanazip » Version: 6.0.1621.0

cpe:2.3:a:m2team:nanazip:6.0.1621.0
M2team » Nanazip » Version: 6.0.1630.0

cpe:2.3:a:m2team:nanazip:6.0.1630.0
M2team » Nanazip » Version: 6.0.1632.0

cpe:2.3:a:m2team:nanazip:6.0.1632.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42445

Products

Pricing

Contact Us