{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6842", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-22T07:20:17.989Z", "datePublished": "2026-04-22T07:34:26.360Z", "dateUpdated": "2026-04-22T13:07:57.497Z"}, "containers": {"cna": {"title": "Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-6842", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460018", "name": "RHBZ#2460018", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-13T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource", "workarounds": [{"lang": "en", "value": "Ensure that the system's umask is configured to a secure value, such as `0022` or `0077`, to prevent the creation of world-writable directories. This can be set system-wide in `/etc/profile` or `/etc/bashrc`, or for individual users in their `~/.bashrc` or `~/.profile`. A secure umask will ensure that newly created directories, including `~/.local` by `nano`, have appropriate permissions."}], "timeline": [{"lang": "en", "time": "2026-04-13T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-13T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Micha\u0142 Majchrowicz, Marcin Wyczechowski (AFINE Team) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-22T07:36:47.825Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T13:07:50.621296Z", "id": "CVE-2026-6842", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T13:07:57.497Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6842", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T13:07:50.621296Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T13:07:54.134Z"}}], "cna": {"title": "Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions", "credits": [{"lang": "en", "value": "Red Hat would like to thank Micha\u0142 Majchrowicz, Marcin Wyczechowski (AFINE Team) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "nano", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "nano", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "nano", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "nano", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "nano", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "rhcos", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-04-13T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-13T00:00:00.000Z", "value": "Made public."}], "datePublic": "2026-04-13T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-6842", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460018", "name": "RHBZ#2460018", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Ensure that the system's umask is configured to a secure value, such as `0022` or `0077`, to prevent the creation of world-writable directories. This can be set system-wide in `/etc/profile` or `/etc/bashrc`, or for individual users in their `~/.bashrc` or `~/.profile`. A secure umask will ensure that newly created directories, including `~/.local` by `nano`, have appropriate permissions."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-22T07:36:47.825Z"}, "x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource"}}, "cveMetadata": {"cveId": "CVE-2026-6842", "state": "PUBLISHED", "dateUpdated": "2026-04-22T13:07:57.497Z", "dateReserved": "2026-04-22T07:20:17.989Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-04-22T07:34:26.360Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed."}], "id": "CVE-2026-6842", "lastModified": "2026-04-22T21:23:52.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-22T08:16:13.170", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-6842"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460018"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Micha\u0142 Majchrowicz, Marcin Wyczechowski (AFINE Team) for reporting this issue.", "bugzilla": {"description": "nano: nano: Local attacker can inject malicious .desktop launcher due to insecure directory permissions", "id": "2460018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460018"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-732", "details": ["A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed."], "mitigation": {"lang": "en:us", "value": "Ensure that the system's umask is configured to a secure value, such as `0022` or `0077`, to prevent the creation of world-writable directories. This can be set system-wide in `/etc/profile` or `/etc/bashrc`, or for individual users in their `~/.bashrc` or `~/.profile`. A secure umask will ensure that newly created directories, including `~/.local` by `nano`, have appropriate permissions."}, "name": "CVE-2026-6842", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "nano", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "nano", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "nano", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "nano", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "nano", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6842\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6842"], "statement": "This is a Low impact flaw where nano creates the `~/.local` directory with insecure permissions (0777) in permissive umask environments. A local attacker can exploit this to inject a malicious `.desktop` launcher. This issue affects Red Hat Enterprise Linux 8 and 9.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat Enterprise Linux 10", "source": "cna", "vendor": "Red Hat"}, "product": "enterprise_linux", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Red Hat OpenShift Container Platform 4", "source": "cna", "vendor": "Red Hat"}, "product": "openshift_container_platform", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-04-22T09:30:40.055491+00:00", "value": {"mitigation_remediation": ["Set the system-wide umask to 0022 or 0077 by adding \"umask 0022\" (or \"umask 0077\") to /etc/profile or /etc/bashrc to prevent world-writable directories from being created.", "Locate and remove any unintended .desktop files that may have already been created before the umask change, and check for anomalies in user home directories.", "Apply any available nano updates that address directory permission handling, or uninstall nano if it is not needed."], "summary": {"action": "Configure umask", "impact": "Malicious .desktop launcher injection"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Red\u00a0Hat Enterprise\u00a0Linux releases 6 through 10, as well as Red\u00a0Hat OpenShift Container Platform 4. Users of these distributions who run nano on a system with a permissive umask are at risk, regardless of the specific minor version or patch level, because the directory permissions reasoning remains unchanged. The issue is tied to nano\u2019s default directory creation behavior and the overall system configuration.", "description_and_impact": "A flaw in nano causes the ~/.local directory to be created with insecure permissions (0777 instead of the intended 0700) when the system umask is permissive. This allows a local attacker to place a malicious .desktop file into the directory, which the desktop environment may execute or process, potentially leading to unintended actions or information disclosure. The weakness stems from insecure permissions (CWE-732) and is exploitable by any user able to write to the affected directory. The primary impact is local code execution through a seemingly innocuous launcher file, and if the launcher triggers privileged commands, this could elevate the attacker\u2019s capabilities.", "risk_and_exploitability": "The CVSS base score is 2.5, reflecting the local scope and modest impact. EPSS is not available, which indicates no known exploitation data at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited in the wild. The likely attack vector is a local user with the ability to write to the affected directory; an attacker would craft a malicious .desktop file and allow the desktop environment to process it. The risk is moderate but can be mitigated with a simple configuration change."}}}}, "created": "2026-04-22T09:45:13.084492+00:00", "updated": "2026-04-22T11:44:31.406642+00:00", "vendors": ["redhat", "redhat$PRODUCT$enterprise_linux", "redhat$PRODUCT$openshift_container_platform"]}