CVE-2026-6842 PUBLISHED

Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

Assigner: redhat
Reserved: 22.04.2026 Published: 22.04.2026 Updated: 22.04.2026

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the ~/.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS Score: 2.5

Attack Vector	Local	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 6
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 7
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat OpenShift Container Platform 4
Versions	Default: affected

Workarounds

Ensure that the system's umask is configured to a secure value, such as 0022 or 0077, to prevent the creation of world-writable directories. This can be set system-wide in /etc/profile or /etc/bashrc, or for individual users in their ~/.bashrc or ~/.profile. A secure umask will ensure that newly created directories, including ~/.local by nano, have appropriate permissions.

Credits

Red Hat would like to thank Michał Majchrowicz, Marcin Wyczechowski (AFINE Team) for reporting this issue.

References

Problem Types

Incorrect Permission Assignment for Critical Resource CWE