Sign In

CVE-2026-6843

ADVISORY - nist

Summary

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline() function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the nano application.

EPSS Score: 0.00019 (0.056)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-134

Use of Externally-Controlled Format String

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-6843
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-134

CVSS SCORE

5.5medium

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2026-6843
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2026-6843
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2026-6843
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium