CVE-2026-40556
Insecure Directory Permissions in GNU nano Leading to Privilege Abuse
GNU nano creates the user’s ~/.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group (XDG) data storage, nano explicitly requests directory mode 0777, making the directory world‑writable in environments where the process umask does not sufficiently restrict permissions. In systems with a relaxed or zero umask, such as container environments, CI/CD runners, embedded systems, or user shells configured with umask 000, this results in ~/.local being created as world‑writable. A local attacker can exploit a race window between nano’s creation of ~/.local and its subsequent creation of more restrictive subdirectories to write attacker‑controlled files into the victim’s XDG directory hierarchy. This problem was fixed in nano version 9.0
| CWE | CWE-732 |
| Vendor | gnu |
| Product | nano |
| Published | Apr 28, 2026 |
| Last Updated | Apr 28, 2026 |
Get instant alerts for gnu nano
Be the first to know when new unknown vulnerabilities affecting gnu nano are published — delivered to Slack, Telegram or Discord.