Skip to main content

Nano

2 CVEs product

Monthly

CVE-2026-40556 LOW PATCH Monitor

GNU nano creates the ~/.local directory with world-writable permissions (0777) on first use of XDG data storage features when the directory does not exist, allowing local attackers in systems with relaxed umasks (such as containers, CI/CD runners, or environments with umask 000) to write attacker-controlled files into the victim's XDG directory hierarchy via a race condition. The vulnerability affects nano versions before 9.0 and carries a CVSS score of 2.1 with CISA SSVC assessment indicating partial technical impact but no known public exploitation.

Information Disclosure Nano
NVD VulDB
CVSS 4.0
2.1
CVE-2024-5742 MEDIUM This Month

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Nano Enterprise Linux
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVSS 2.1
LOW PATCH Monitor

GNU nano creates the ~/.local directory with world-writable permissions (0777) on first use of XDG data storage features when the directory does not exist, allowing local attackers in systems with relaxed umasks (such as containers, CI/CD runners, or environments with umask 000) to write attacker-controlled files into the victim's XDG directory hierarchy via a race condition. The vulnerability affects nano versions before 9.0 and carries a CVSS score of 2.1 with CISA SSVC assessment indicating partial technical impact but no known public exploitation.

Information Disclosure Nano
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Nano Enterprise Linux
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy