Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Description (CVE.org)
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the ~/.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed.
Analysis (AI)
The nano text editor creates the ~/.local directory with overly permissive 0777 permissions instead of 0700 in environments with permissive umask settings, allowing local authenticated users to inject malicious .desktop launcher files that could lead to information disclosure or unintended actions when processed. The CVSS score of 2.5 reflects the local attack vector and low integrity impact. Active exploitation status is unknown, and no public exploit code had been identified at the time of analysis.
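The umask dependence described above, shown as an added example (not nano's code and not taken from the advisory): it creates a stand-in `.local` directory in a scratch location, first with a requested mode of 0777 that relies on the umask, then with 0700 pinned by an explicit chmod. The helper names, the /tmp scratch path and the reading of "permissive umask" as 0000 are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path` with the requested mode. If `pin` is non-zero, chmod it
 * afterwards so the result no longer depends on the process umask.
 * Returns the resulting permission bits, or -1 on error. */
static int make_dir(const char *path, mode_t requested, int pin)
{
    struct stat st;
    if (mkdir(path, requested) != 0) return -1;      /* kernel applies requested & ~umask */
    if (pin && chmod(path, requested) != 0) return -1; /* chmod ignores the umask */
    if (stat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 0777);
}

/* Audit check: non-zero if group or others can write to the directory. */
static int writable_by_others(int mode)
{
    return (mode & (S_IWGRP | S_IWOTH)) != 0;
}

/* Run one case in a scratch directory (constructed stand-in for $HOME). */
static int demo(mode_t mask, mode_t requested, int pin)
{
    char base[] = "/tmp/localdir-demo-XXXXXX";
    char path[64];
    if (mkdtemp(base) == NULL) return -1;
    snprintf(path, sizeof path, "%s/.local", base);
    mode_t old = umask(mask);
    int mode = make_dir(path, requested, pin);
    umask(old);                                      /* restore the caller's umask */
    rmdir(path);
    rmdir(base);
    return mode;
}

int main(void)
{
    int weak = demo(0000, 0777, 0);   /* relies on umask: stays world-writable */
    int usual = demo(0022, 0777, 0);  /* common default umask masks the write bits */
    int fixed = demo(0000, 0700, 1);  /* explicit 0700, independent of umask */
    printf("umask 000, mkdir 0777         -> %04o (exposed: %d)\n", (unsigned)weak, writable_by_others(weak));
    printf("umask 022, mkdir 0777         -> %04o (exposed: %d)\n", (unsigned)usual, writable_by_others(usual));
    printf("umask 000, mkdir 0700 + chmod -> %04o (exposed: %d)\n", (unsigned)fixed, writable_by_others(fixed));
    return 0;
}
```

The same `writable_by_others` test applied to the mode of an existing `~/.local` tells an administrator whether a directory created before the fix still needs a `chmod 0700`.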
Vulnerability Assessment (AI)
| Aspect | Details |
| --- | --- |
| Exploitation | Exploitation requires three specific conditions: (1) nano creates the ~/.local directory with world-writable (0777) permissions, which occurs only when the system has permissive umask settings (typically 0077 or higher, not the Linux default of 0022); (2) the attacker has a local user account on the system (PR:L in the CVSS vector) and can write to another user's ~/.local directory; (3) the targeted user has an active desktop environment that processes .desktop launcher files in the .local/share/applications directory during session initialization. … |
| Risk Assessment | This vulnerability presents low real-world risk despite affecting a widely used text editor. … |
| Exploit Scenario | A local user on a permissive multi-user system (with umask 0077 or higher) where a desktop environment is active creates a crafted .desktop launcher file in another user's ~/.local/share/applications directory, exploiting the world-writable permissions. When the targeted user logs in and the desktop environment processes .desktop files (a standard initialization step), the malicious launcher could execute commands or access files with that user's privileges, resulting in information disclosure or unintended actions. … |
| Remediation | Apply a patch from Red Hat that explicitly sets directory permissions to 0700 when creating the ~/.local directory, regardless of the umask setting. … |
EUVD-2026-24633
GHSA-ccfr-97mr-qq8g