CVE-2026-6842

CVSS v3.1

2.5

Low

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the ~/.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2026-6842

Affected Products

Red Hat Enterprise Linux 10

Red Hat Enterprise Linux 6

Red Hat Enterprise Linux 7

Red Hat Enterprise Linux 8

Red Hat Enterprise Linux 9

Red Hat Openshift Container Platform 4

CVE-2026-6842

Weakness Enumeration

Related Identifiers

Affected Products

References · 3