Description
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed.
Published: 2026-04-22
Score: 2.5 Low
EPSS: < 1% Very Low
KEV: No
Impact: Malicious .desktop launcher injection
Action: Configure umask
AI Analysis

Impact

A flaw in nano causes the ~/.local directory to be created with insecure permissions (0777 instead of the intended 0700) when the system umask is permissive. This allows a local attacker to place a malicious .desktop file into the directory, which the desktop environment may execute or process, potentially leading to unintended actions or information disclosure. The weakness stems from insecure permissions (CWE-732) and is exploitable by any user able to write to the affected directory. The primary impact is local code execution through a seemingly innocuous launcher file, and if the launcher triggers privileged commands, this could elevate the attacker’s capabilities.

Affected Systems

The vulnerability affects Red Hat Enterprise Linux releases 6 through 10, as well as Red Hat OpenShift Container Platform 4. Users of these distributions who run nano on a system with a permissive umask are at risk, regardless of the specific minor version or patch level, because the directory permissions reasoning remains unchanged. The issue is tied to nano’s default directory creation behavior and the overall system configuration.

Risk and Exploitability

The CVSS base score is 2.5, reflecting the local scope and modest impact. EPSS is not available, which indicates no known exploitation data at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited in the wild. The likely attack vector is a local user with the ability to write to the affected directory; an attacker would craft a malicious .desktop file and allow the desktop environment to process it. The risk is moderate but can be mitigated with a simple configuration change.

Generated by OpenCVE AI on April 22, 2026 at 09:30 UTC.

Remediation

Vendor Workaround

Ensure that the system's umask is configured to a secure value, such as `0022` or `0077`, to prevent the creation of world-writable directories. This can be set system-wide in `/etc/profile` or `/etc/bashrc`, or for individual users in their `~/.bashrc` or `~/.profile`. A secure umask will ensure that newly created directories, including `~/.local` by `nano`, have appropriate permissions.

OpenCVE Recommended Actions

  • Set the system-wide umask to 0022 or 0077 by adding "umask 0022" (or "umask 0077") to /etc/profile or /etc/bashrc to prevent world-writable directories from being created.
  • Locate and remove any unintended .desktop files that may have already been created before the umask change, and check for anomalies in user home directories.
  • Apply any available nano updates that address directory permission handling, or uninstall nano if it is not needed.

Generated by OpenCVE AI on April 22, 2026 at 09:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Container Platform
Vendors & Products Redhat openshift Container Platform
References
Metrics threat_severity

None

 threat_severity

Low

Wed, 22 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed.
Title Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-732
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 2.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Redhat Enterprise Linux Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-22T13:07:57.497Z

Reserved: 2026-04-22T07:20:17.989Z

Link: CVE-2026-6842

cve-icon Vulnrichment

Updated: 2026-04-22T13:07:54.134Z

cve-icon NVD

Status : Received

Published: 2026-04-22T08:16:13.170

Modified: 2026-04-22T08:16:13.170

Link: CVE-2026-6842

cve-icon Redhat

Severity : Low

Publid Date: 2026-04-13T00:00:00Z

Links: CVE-2026-6842 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T11:44:31Z

Weaknesses