REDHAT-BUG-2460018

Published Apr 21, 2026

nano creates ~/.local with mode 0777 instead of 0700. Because the mode passed to mkdir is masked by the process umask, a 0777 request only ends up private under a restrictive umask; in permissive-umask environments (containers, CI), a local attacker can race to inject a malicious .desktop launcher. The subsequent mkdir for ~/.local/share correctly uses 0700. Affected: src/history.c lines 229-234. BZ#2455314. Reported by Michał Majchrowicz and Marcin Wyczechowski, AFINE Team.
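The interaction the description relies on, shown as an added example (this is not nano's code and does not reproduce src/history.c): a scratch directory is created with mkdir(2) under several umasks, once with the weak 0777 request and once with the 0700 request, and the resulting permission bits are read back. It also includes the check a defender can run against the real ~/.local: owned by the caller, with no group or other bits. The scratch path under /tmp and the helper names are this example's own.

```c
/* Added demonstration (not nano's code): how the mode passed to mkdir(2)
 * interacts with the process umask, and a privacy check for a per-user
 * directory such as ~/.local. Paths and helper names are this example's own. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits the kernel actually stored for `path`, or -1 on error. */
static long perm_bits(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (long)(st.st_mode & 07777);
}

/* 1 if `path` is a directory owned by the caller with no group/other access
 * (the property ~/.local needs so nobody else can plant files in it), else 0. */
static long is_private_dir(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != getuid())
        return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Create a scratch "<base>/local" with mkdir(sub, requested) while the umask
 * is `mask`, run `inspect` on it, remove it, and return the result (-1 if
 * setup failed). This mirrors the ~/.local creation step in miniature. */
static long in_fresh_dir(mode_t requested, mode_t mask,
                         long (*inspect)(const char *))
{
    char base[64], sub[80];
    mode_t saved;
    int rc;
    long result = -1;

    /* Constructed scratch location; one directory per process. */
    snprintf(base, sizeof base, "/tmp/umask-demo-%ld", (long)getpid());
    if (mkdir(base, 0700) != 0)
        return -1;
    snprintf(sub, sizeof sub, "%s/local", base);

    saved = umask(mask);            /* simulate a permissive or strict umask */
    rc = mkdir(sub, requested);     /* kernel stores requested & ~mask */
    umask(saved);                   /* restore the caller's umask */

    if (rc == 0)
        result = inspect(sub);

    rmdir(sub);
    rmdir(base);
    return result;
}

/* Mode bits a directory ends up with for a given requested mode and umask. */
long effective_mode(mode_t requested, mode_t mask)
{
    return in_fresh_dir(requested, mask, perm_bits);
}

/* Whether the directory is private right after creation with that mode and umask. */
long private_after_mkdir(mode_t requested, mode_t mask)
{
    return in_fresh_dir(requested, mask, is_private_dir);
}

int main(void)
{
    mode_t masks[] = { 0000, 0022, 0077 };
    size_t i;
    const char *home;

    for (i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        printf("umask %04o: mkdir(0777) -> %04lo (private=%ld)   mkdir(0700) -> %04lo (private=%ld)\n",
               (unsigned)masks[i],
               effective_mode(0777, masks[i]), private_after_mkdir(0777, masks[i]),
               effective_mode(0700, masks[i]), private_after_mkdir(0700, masks[i]));
    }

    /* Defender's check on the real directory, if it exists. */
    home = getenv("HOME");
    if (home != NULL) {
        char local[4096];
        long bits;
        snprintf(local, sizeof local, "%s/.local", home);
        bits = perm_bits(local);
        if (bits >= 0)
            printf("%s: mode %04lo, private=%ld\n", local, bits, is_private_dir(local));
    }
    return 0;
}
```

With umask 0022 (a common interactive default) the 0777 request already leaks group/other read and search access (0755); with umask 0000, the permissive case the description names, it becomes world-writable (0777). The 0700 request is unaffected by the umask, which is why requesting the restrictive mode at creation time is the robust fix rather than relying on the environment.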

Affected Software

1 affected component
GNU Nano

Event History

Apr 21, 2026, 08:47 AM: Data sourced via Red Hat

Frequently Asked Questions

1. What is the severity of REDHAT-BUG-2460018?

The severity of REDHAT-BUG-2460018 is considered moderate due to the potential for a local attacker to exploit the vulnerability.

2. How do I fix REDHAT-BUG-2460018?

To fix REDHAT-BUG-2460018, adjust the permissions of the ~/.local directory to 0700 after it is created.

3. What versions of GNU Nano are affected by REDHAT-BUG-2460018?

GNU Nano versions that create the ~/.local directory with mode 0777 are affected by REDHAT-BUG-2460018.

4. Can REDHAT-BUG-2460018 be exploited in container environments?

Yes, REDHAT-BUG-2460018 can be exploited in permissive-umask environments such as containers and continuous integration systems.

5. What is the impact of the vulnerability REDHAT-BUG-2460018?

REDHAT-BUG-2460018 lets a local attacker race to inject a malicious .desktop launcher into the user's environment.

© 2026 SecAlerts Pty Ltd.