Description
A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application.
Published: 2026-04-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

A local user can trigger a segmentation fault in the nano editor by creating a directory whose name contains printf format specifiers. The vulnerable statusline() function attempts to display the directory name without proper sanitization, causing nano to crash. The resulting denial of service is confined to the instance of the nano application and does not compromise system integrity or confidentiality directly.

Affected Systems

The flaw affects Red Hat Enterprise Linux 10, 6, 7, 8, and 9, as well as Red Hat OpenShift Container Platform 4. Users running the nano editor on these platforms are potentially exposed.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The attack requires local user access and involves a directory name crafted with format specifiers. Exploitation results in a graceful crash of the nano process, effectively denying its use until a restart or mitigate step is taken.

Generated by OpenCVE AI on April 22, 2026 at 11:24 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

OpenCVE Recommended Actions

  • Red Hat has not published a patch; its advisory cites a format‑string flaw (CWE‑134).
  • Use an alternative editor such as vi, emacs, or micro, or uninstall nano if not required.
  • Restrict or sanitize directory names to escape or prohibit printf specifiers, thereby preventing the crash.
  • Monitor Red Hat security channels for updates and apply fixes when released.

Generated by OpenCVE AI on April 22, 2026 at 11:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat nano
Redhat openshift Container Platform
Vendors & Products Redhat nano
Redhat openshift Container Platform

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

threat_severity

Moderate

Wed, 22 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application.
Title Nano: nano: format string vulnerability leads to denial of service
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-134
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Redhat Enterprise Linux Nano Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-22T12:04:58.643Z

Reserved: 2026-04-22T07:23:19.148Z

Link: CVE-2026-6843

cve-icon Vulnrichment

Updated: 2026-04-22T12:04:53.758Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-22T09:16:26.963

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-6843

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-13T00:00:00Z

Links: CVE-2026-6843 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T20:21:08Z

Weaknesses