CVE-2024-5742

CVE-2024-5742 affects GNU Nano. The root cause is an insecure emergency file handling: if Nano is killed during editing, an emergency file can be written with the user’s permissions, and a malicious symlink could point to a root-owned target, enabling privilege escalation. Connected advisories in...

CVE-2010-1160

GNU nano before 2.2.4 is vulnerable: a file is overwritten during save without verifying the destination file change, enabling a local user-assisted symlink attack to overwrite an attacker-owned file. Impact: local privilege or integrity risk when editing files. Affected component: nano (pre-2.2....

CVE-2010-1161

The CVE-2010-1161 entry documents a race condition in GNU nano prior to 2.2.4. When nano is run by root to edit a file not owned by root, a local user can influence the creation of backup files to change ownership of arbitrary files. This is a local, user-initiated vulnerability with partial inte...

CVE-2026-6843

CVE-2026-6843 affects the nano editor. A local user can trigger a format string vulnerability in the statusline() function by creating a directory whose name contains printf specifiers; nano attempts to display this name and may segfault, causing a Denial of Service. The vulnerability is document...