{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40556", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "REJECTED", "assignerShortName": "CERT-PL", "dateReserved": "2026-04-14T09:44:32.553Z", "datePublished": "2026-04-28T13:54:11.918Z", "dateUpdated": "2026-04-29T07:17:27.349Z", "dateRejected": "2026-04-29T07:15:52.820Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-04-29T07:17:27.349Z"}, "rejectedReasons": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "replacedBy": ["CVE-2026-6842"], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40556", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "REJECTED", "assignerShortName": "CERT-PL", "dateReserved": "2026-04-14T09:44:32.553Z", "datePublished": "2026-04-28T13:54:11.918Z", "dateUpdated": "2026-04-29T07:17:27.349Z", "dateRejected": "2026-04-29T07:15:52.820Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-04-29T07:17:27.349Z"}, "rejectedReasons": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "replacedBy": ["CVE-2026-6842"], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "id": "CVE-2026-40556", "lastModified": "2026-04-29T08:16:17.750", "metrics": {}, "published": "2026-04-28T15:16:30.150", "references": [], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Rejected"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.9.1,9.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "nano", "source": "cna", "vendor": "GNU"}, "product": "nano", "vendor": "gnu"}], "analysis": {"en": {"generated_at": "2026-04-28T19:13:53.826501+00:00", "value": {"mitigation_remediation": ["Upgrade the GNU nano package to version 9.0 or later, where the .local directory is created with restrictive permissions.", "If an upgrade is not yet possible, configure a restrictive umask (at least 022) before launching nano so that ~/.local is not created with world\u2011writable mode.", "After installing nano, ensure that any existing ~/.local directories on affected systems have permissions set to 0755 or more restrictive and remove any world\u2011writable files that may have been created by the vulnerability."], "summary": {"action": "Apply Patch", "impact": "Local Privilege Abuse through Directory Permission Mis\u2011configuration"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the GNU nano text editor. All releases prior to nano 9.0 create the ~/.local directory with world\u2011writable permissions. Systems that rely on nano for user interaction and that use a relaxed umask, such as container environments, CI/CD runners, embedded devices, or user shells set to umask 000, are at risk. The flaw is mitigated in nano 9.0 and later where the default directory mode is restricted.", "description_and_impact": "GNU nano creates a user\u2011specific directory called ~/.local with overly permissive permissions when it does not yet exist. The editor explicitly requests mode 0777 for this directory during the first XDG data storage operation, making it world\u2011writable in environments that do not enforce a restrictive umask. A local attacker who can run nano on the same system can exploit a window between the directory\u2019s creation and the subsequent creation of more restrictive subdirectories. By writing attacker\u2011controlled files into the XDG hierarchy, the attacker can potentially alter configuration or execution environment of applications that read files from ~/.local, leading to privilege abuse or local compromise. The weakness is a mis\u2011configuration that results in improper access control during directory creation (CWE\u2011732).", "risk_and_exploitability": "The CVSS score of 2.1 indicates low severity, and the EPSS score was not reported. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access to a process that can run nano; the attacker must also be able to observe or influence the race between the creation of ~/.local and the creation of subdirectories. Because of this race condition and the local nature of the flaw, the likelihood of exploitation is low, but in environments with a zero or very permissive umask the risk is higher. The attacker can use the malicious file to influence programs that read from the XDG directory hierarchy, potentially enabling local privilege escalation or denial of service of user applications."}}}}, "created": "2026-04-28T16:00:12.302186+00:00", "updated": "2026-04-28T19:15:25.437752+00:00", "vendors": ["gnu", "gnu$PRODUCT$nano"]}