nano CVE-2026-6843

EUVD-2026-24708 · MEDIUM
Use of Externally-Controlled Format String (CWE-134)
2026-04-22 · redhat
CVSS 3.1 (NVD): 5.5

Severity by source

NVD (primary): 5.5 MEDIUM, AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE: MEDIUM (qualitative)
Red Hat: 5.5 MEDIUM (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 22, 2026 - 10:03 (vuln.today)
EUVD ID Assigned: Apr 22, 2026 - 09:00 (euvd), EUVD-2026-24708
Analysis Generated: Apr 22, 2026 - 09:00 (vuln.today)
CVE Published: Apr 22, 2026 - 08:30 (nvd), MEDIUM 5.5

Description (CVE.org)

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline() function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the nano application.

Analysis (AI)

Format string vulnerability in nano's statusline() function allows local users to trigger a segmentation fault via directory names containing printf specifiers, causing denial of service. Exploitation requires user interaction (opening a directory with the crafted name) on systems where nano is available to local users. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Create malicious directory with format specifiers
Delivery: Place in location accessible to target user
Exploit: Target opens nano file browser
Execution: Nano displays directory name in status line
Persist: Format string parser reads memory
Impact: Segmentation fault crashes nano

Vulnerability Assessment (AI)

Exploitation: Exploitation requires a local attacker to create a directory with a name containing printf format specifiers in a location where the target user will browse using nano's file browser or where nano will display the directory name in the status line. …
Risk Assessment: CVSS 5.5 with AV:L (local only), AC:L (low complexity), PR:N (no privileges), UI:R (requires user interaction), and impact limited to availability (A:H) indicates moderate real-world risk. …
Exploit Scenario: A local user creates a directory named something like 'test_%x_%x_%x' in /tmp. When another user opens nano and browses the file system or uses the file browser feature, nano attempts to display the directory name in the status line. …
Remediation: Apply the security patch released by Red Hat. …
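
The CWE-134 pattern described above, as an added example that is not nano's code and not part of the original page: a hypothetical `status_msg()` helper stands in for a printf-style status-line function, with the unsafe call pattern shown as a comment beside the hardened call, plus a small triage helper that counts conversion specifiers in a name. All function names are assumptions; the sample directory name is the one from the exploit scenario.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style status helper (an assumption, not nano's code).
 * The format attribute lets gcc/clang check callers under -Wformat-security. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
static int status_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* VULNERABLE pattern (CWE-134), kept as a comment so it is never executed:
 *     status_msg(out, n, dirname);    // the name is parsed as the format
 */

/* Hardened: constant format string, the name is passed only as data. */
static int show_dir_safe(char *out, size_t n, const char *dirname)
{
    return status_msg(out, n, "Directory: %s", dirname);
}

/* Triage helper: count conversion specifiers in a name ("%%" is literal). */
static int count_format_specs(const char *name)
{
    int count = 0;
    for (const char *p = name; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    char line[128];
    const char *name = "test_%x_%x_%x";  /* sample name from the scenario */
    show_dir_safe(line, sizeof line, name);
    printf("%s (%d specifiers)\n", line, count_format_specs(name));
    return 0;
}
```

With the hardened call the specifiers are printed verbatim instead of being interpreted, so the name can no longer drive the formatter.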

Vendor Status (Vendor)

SUSE

Severity: Medium
