CVE-2026-6843
5.5 MEDIUM
A flaw was found in nano
Published: 2026-04-22 · Last updated: 2026-05-20
Severity and scoring
- CVSS: 5.5 MEDIUM
- Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- CWE: CWE-134
Affected products
| Vendor | Product |
|---|---|
| gnu | enterprise_linux, nano, openshift_container_platform |
| redhat | enterprise_linux, nano, openshift_container_platform |
Description
A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application.
Source: NVD
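The CWE-134 pattern described above, as an added C example that is not nano's code and not part of the NVD record: a status-line style routine receives a directory name either as the format string (vulnerable) or as data behind a constant format (hardened). The names `status_message`, `report_dir_unsafe`, `report_dir_safe` and `count_conversions`, the `"Directory: %s"` message and the sample name are hypothetical; the `format` attribute is the GCC/Clang annotation that lets the compiler check call sites.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an editor's status-bar routine, not nano's code. */
__attribute__((format(printf, 3, 4)))
static int status_message(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

#ifdef SHOW_VULNERABLE
/* CWE-134: the name is the format string, so each conversion in it reads a
 * variadic argument that was never passed. -Wformat -Wformat-security warns. */
int report_dir_unsafe(char *out, size_t outsz, const char *dirname)
{
    return status_message(out, outsz, dirname);
}
#endif

/* Hardened form: constant format, name passed as data and copied verbatim. */
int report_dir_safe(char *out, size_t outsz, const char *dirname)
{
    return status_message(out, outsz, "Directory: %s", dirname);
}

/* Counts printf conversions in a string; "%%" is a literal percent. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    char bar[128];
    const char *name = "build_%s%s%s";   /* constructed sample directory name */
    report_dir_safe(bar, sizeof bar, name);
    printf("%s (conversions in name: %d)\n", bar, count_conversions(name));
    return strstr(bar, name) ? 0 : 1;
}
```

The vulnerable call is compiled only with `-DSHOW_VULNERABLE`, so the default build contains just the hardened path.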
Related CVEs
Same vendor
- CVE-2026-50259 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-50258 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-50257 — A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence() (7.8 HIGH)
- CVE-2026-50256 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-1784 — The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy (8.8 HIGH)
Same CWE
- CVE-2026-6242 — An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of external...
- CVE-2026-6241 — An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improper...
- CVE-2026-50211 — Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privi... (9.8 CRITICAL)
- CVE-2026-7835 — A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of servi... (3.1 LOW)
- CVE-2026-6474 — Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via craf... (4.3 MEDIUM)