Medium severity4.4NVD Advisory· Published May 12, 2026· Updated May 14, 2026
CVE-2026-44215
CVE-2026-44215
Description
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of the write within a ~254-byte window past the heap allocation boundary. This vulnerability is fixed in 6.0.1698.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- github.com/M2Team/NanaZip/security/advisories/GHSA-44wh-7gc3-w936nvdExploitMitigationVendor Advisory
News mentions
0No linked articles in our index yet.