Michał Majchrowicz and Marcin Wyczechowski discovered that Nano created the ~/.local directory with incorrect permissions. In environments with permissive umask settings, a local attacker could possibly use this issue to inject a malicious launcher file, resulting in information disclosure or other unintended actions. (CVE-2026-6842) Michał Majchrowicz and Marcin Wyczechowski discovered that Nano incorrectly handled directory names when updating the status line. A local attacker could possibly use this issue to cause Nano to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-6843)
Continue reading...
Continue reading...
