Directory Permission Flaw in Nano Affects User Environments
CVE-2026-6842

2.5 LOW

What is CVE-2026-6842?

A security flaw in the Nano text editor allows local attackers to exploit overly permissive directory permissions (set to 0777 instead of 0700) on the ~/.local directory. This misconfiguration can enable attackers to plant malicious '.desktop' launcher files, which, when executed, may trigger unwanted actions or compromise sensitive information. Users should ensure that their directory permissions are properly configured to mitigate potential risks.
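One way to check a user environment for the condition described above, as an added example that is not part of the advisory or of Nano: it flags a ~/.local that is writable by group or others, lists '.desktop' files under it that the current user does not own, and optionally tightens the mode to 0700. The function names and the `--fix` argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): audit ~/.local for the loose mode.

# True when directory $1 is writable by group or others (0777, 0775, ...).
# -H makes find judge the target if $1 is a symlink, not the link itself.
is_loose() {
    [ -d "$1" ] || return 1
    [ -n "$(find -H "$1" -maxdepth 0 \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# List .desktop launchers under $1 that the current user does not own.
foreign_launchers() {
    find -H "$1" -type f -name '*.desktop' ! -user "$(id -u)" 2>/dev/null
}

# Usage: audit_local_dir [DIR] [--fix]
# Returns 0 when DIR is absent or tight, 1 when it was found loose.
audit_local_dir() {
    dir=${1:-"$HOME/.local"}
    fix=${2:-}
    if [ ! -d "$dir" ]; then
        echo "absent: $dir"
        return 0
    fi
    if ! is_loose "$dir"; then
        echo "ok: $dir"
        return 0
    fi
    echo "LOOSE: $dir is writable by other local users"
    ls -ld "$dir"
    planted=$(foreign_launchers "$dir")
    if [ -n "$planted" ]; then
        echo "review these launchers (not owned by you):"
        echo "$planted"
    fi
    if [ "$fix" = "--fix" ]; then
        chmod 0700 "$dir" && echo "fixed: $dir set to 0700"
    fi
    return 1
}

# Example call: audit_local_dir "$HOME/.local"    (append --fix to tighten)
```

Fixing the mode does not remove files that were already placed while the directory was writable, so review any listed launchers before trusting them.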

CVSS V3.1

Score: 2.5
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Michał Majchrowicz, Marcin Wyczechowski (AFINE Team) for reporting this issue.