CVE-2026-6842

ADVISORY - nist

Summary

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the ~/.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed.

EPSS Score⁠: 0.00012 (0.018)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-732⁠

Incorrect Permission Assignment for Critical Resource

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.