CVE-2026-6842 affecting package nano for versions less than 6.4-3

CVE-2026-6842 affecting package nano for versions less than 6.4-3. A patched version of the package is available...

USN-8386-1 nano vulnerabilities

Michał Majchrowicz and Marcin Wyczechowski discovered that Nano created the /.local directory with incorrect permissions. In environments with permissive umask settings, a local attacker could possibly use this issue to inject a malicious launcher file, resulting in information disclosure or othe...

Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

...

CVE-2026-40556

In the connected Debian/CVE entry, GNU nano is affected by a local permission issue: when the user’s ~/.local directory does not exist, nano creates it with mode 0777, making it world‑writable in environments where the umask is lax. This creates a race window where an attacker could leverage the ...

UBUNTU-CVE-2026-6843

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...

CVE-2026-6843

CVE-2026-6843 affects the nano editor. A local user can trigger a format string vulnerability in the statusline() function by creating a directory whose name contains printf specifiers; nano attempts to display this name and may segfault, causing a Denial of Service. The vulnerability is document...

CVE-2026-6843

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...

CVE-2026-6842

In Nano, a local attacker can exploit insecure directory permissions in environments with permissive umask settings. Specifically, overly permissive 0777 permissions on ~/.local allow injection of a malicious .desktop launcher, which could trigger unintended actions or information disclosure when...

CVE-2026-6842

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...

Linux Distros Unpatched Vulnerability : CVE-2026-6843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing...

Azure Linux 3.0 Security Update: nano (CVE-2024-5742)

The version of nano installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5742 advisory. - A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary...

MiracleLinux 9 : nano-5.6.1-6.el9 (AXSA:2024-9155:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9155:02 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742...

MiracleLinux 8 : nano-2.9.8-3.el8_10 (AXSA:2024-8840:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8840:01 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742...

EUVD-2010-1191

Malware in sbrugna...

EUVD-2024-47130

Malicious code in bioql PyPI...

RockyLinux 9 : nano (RLSA-2024:9430)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9430 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742...

RHEL 9 : nano (RHSA-2024:9430)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9430 advisory. GNU nano is a small and friendly text editor. Security Fixes: nano: running chmod and chown on the filename allows malicious user to replace the...

Ubuntu 14.04 LTS : nano vulnerability (USN-7064-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7064-2 advisory. USN-7064-1 fixed a vulnerability in nano. This update provides the corresponding update for Ubuntu 14.04 LTS. Tenable has extracted the preceding description bloc...

USN-7064-1: nano vulnerability

It was discovered that nano allowed a possible privilege escalation through an insecure temporary file. If nano was killed while editing, the permissions granted to the emergency save file could be used by an attacker to escalate privileges using a malicious symlink...

USN-7064-1 nano vulnerability

It was discovered that nano allowed a possible privilege escalation through an insecure temporary file. If nano was killed while editing, the permissions granted to the emergency save file could be used by an attacker to escalate privileges using a malicious symlink...