PatchSiren cyber security CVE debrief
CVE-2026-47224 M2Team CVE debrief
CVE-2026-47224 is a MEDIUM severity vulnerability in NanaZip, a 7-Zip derivative, affecting versions from 3.0.1000.0 to before 6.0.1698.0. A heap buffer-overflow read exists in the LVM2 physical-volume metadata parser. The vulnerability is triggered when opening a crafted LVM disk image. This issue has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.
- Vendor: M2Team
- Product: NanaZip
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of NanaZip, specifically those using versions from 3.0.1000.0 to before 6.0.1698.0, should be aware of this vulnerability and take steps to update to a patched version.
Technical summary
The vulnerability is a heap buffer-overflow read in the LVM2 physical-volume metadata parser in NanaZip (via the upstream 7-Zip LvmHandler). It is triggered by opening a crafted LVM disk image.
Defensive priority
MEDIUM
Recommended defensive actions
- Update NanaZip to stable version 6.0.1698.0 or preview version 6.5.1742.0 to patch the vulnerability.
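An added example, not part of the original debrief or of NanaZip's own code: a triage of software-inventory rows against the version ranges stated above. The inventory rows, host names and the `channel` field are constructed, and treating a preview build as patched only from 6.5.1742.0 onward is an assumption.

```python
# Added example: triage NanaZip versions from an inventory export against
# the ranges given in this debrief. All inventory rows are constructed.

FIRST_AFFECTED = (3, 0, 1000, 0)       # from the debrief
FIXED = {"stable": (6, 0, 1698, 0),    # from the debrief
         "preview": (6, 5, 1742, 0)}   # from the debrief


def parse_version(text):
    """Parse 'a.b.c.d' into a 4-tuple of ints; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text, channel="stable"):
    """Return 'affected', 'patched', 'predates-range' or 'unknown'."""
    version = parse_version(version_text)
    if version is None or channel not in FIXED:
        return "unknown"           # never treat unparseable data as safe
    if version < FIRST_AFFECTED:
        return "predates-range"
    # Assumption: a preview build counts as patched only at or after the
    # preview fix version, even if its number exceeds the stable fix.
    if version >= FIXED[channel]:
        return "patched"
    return "affected"


def triage(rows):
    """Return the sorted hosts whose rows are affected or unverifiable."""
    return sorted(host for host, channel, version in rows
                  if classify(version, channel) in ("affected", "unknown"))


# Constructed sample inventory: (host, channel, version).
INVENTORY = [
    ("ws-01", "stable", "5.0.1263.0"),
    ("ws-02", "stable", "6.0.1698.0"),
    ("ws-03", "preview", "6.5.1638.0"),
    ("ws-04", "preview", "6.5.1742.0"),
    ("ws-05", "stable", "6.0.999.0"),   # a string compare would misorder this
    ("ws-06", "stable", "not-installed"),
]

if __name__ == "__main__":
    for host in triage(INVENTORY):
        print("needs update or review:", host)
```

Versions are compared as integer tuples because a plain string comparison ranks 6.0.999.0 above 6.0.1698.0 and would report it as patched.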
Evidence notes
The vulnerability has a CVSS score of 4.3 and is classified as MEDIUM severity.
Official resources
- CVE-2026-47224 CVE record (CVE.org)
- CVE-2026-47224 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-47224 was published on 2026-06-12T17:16:24.227Z and has not been modified since then.