PT-2026-35729 · Gnu · Nano
Marcin Wyczechowski +1
Published 2026-04-28 · Updated 2026-04-29
CVE-2026-40556
CVSS v4.0: 2.1 (Low)
| Vector | AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
GNU nano versions prior to 9.0
Description
GNU nano creates the user's ~/.local directory with overly permissive permissions when it does not already exist. During the first use of features requiring Cross-Desktop Group (XDG) data storage, the software requests directory mode 0777. In environments with a relaxed or zero umask (such as container environments, CI/CD runners, embedded systems, or shells configured with umask 000), this makes the directory world-writable. A local attacker can exploit a race window between the creation of ~/.local and the subsequent creation of more restrictive subdirectories to write controlled files into the victim's XDG directory hierarchy.
Recommendations
Update to version 9.0.
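As an added illustration of the mechanism described above (example code, not nano's own code or anything from the advisory), the C program below creates a directory under umask 000 once with the mode-0777 request the advisory describes and once with a hardened owner-only routine that also verifies the result, then audits which of the two ends up world-writable. The temp path, the function names and the umask value are assumptions made for the demonstration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened creation: ask for owner-only access and verify the outcome,
 * refusing a pre-existing directory that is not ours or is writable by
 * group or others (the case where someone else created it first). */
int mkdir_private(const char *path) {
    struct stat st;
    if (mkdir(path, 0700) != 0 && errno != EEXIST) return -1;
    if (lstat(path, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != getuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) { errno = EACCES; return -1; }
    return 0;
}

/* Audit helper: 1 if path is a directory writable by others, 0 if not,
 * -1 if it cannot be examined. */
int is_world_writable_dir(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH)) ? 1 : 0;
}

/* Under umask 000 (as in some CI runners or containers), create a
 * directory inside a constructed temp parent either with the
 * mode-0777 request the advisory describes or with mkdir_private(),
 * and report whether the result is world-writable. Cleans up after. */
int demo_run(int hardened) {
    char base[] = "/tmp/nano-umask-demo-XXXXXX";   /* constructed path */
    char dir[64];
    if (mkdtemp(base) == NULL) return -1;
    snprintf(dir, sizeof dir, "%s/local", base);
    mode_t old = umask(000);
    int rc = hardened ? mkdir_private(dir) : mkdir(dir, 0777);
    umask(old);
    int result = rc == 0 ? is_world_writable_dir(dir) : -1;
    rmdir(dir);
    rmdir(base);
    return result;   /* permissive request: 1, hardened routine: 0 */
}
```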
Fix
Incorrect Permission
Affected Products
Nano