CVE-2026-32810

Name of the Vulnerable Software and Affected Versions Halloy versions prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb

Description Halloy, an IRC application written in Rust, improperly manages file permissions when creating its configuration directory and files on *nix and macOS systems. Specifically, the application uses default umask permissions, resulting in 0644 for files and 0755 for directories. This allows any local user on the system to read sensitive information, including plaintext credentials, stored in the config.toml file or referenced within password file paths.

Recommendations Update to a version with commit f180e41061db393acf65bc99f5c5e7397586d9cb or later.