CVE-2026-32810: CWE-732: Incorrect Permission Assignment for Critical Resource in squidowl halloy
Halloy is an IRC application written in Rust. In versions on *nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in `0644` on files and `0755` on directories. This allows any local user on the system to read plaintext credentials stored in `config.toml` or referenced `password_file` paths. Commit f180e41061db393acf65bc99f5c5e7397586d9cb patches the issue.
AI Analysis
Technical Summary
CVE-2026-32810 is a vulnerability classified under CWE-732 (Incorrect Permission Assignment for Critical Resource) affecting the Halloy IRC client developed by squidowl. Halloy versions up to 2026.4 on Unix-like and macOS platforms create configuration directories and files using default system umask permissions. Typically, this results in files having permissions of 0644 and directories 0755, which are overly permissive for sensitive configuration data. Specifically, the config.toml file and any password files referenced within it are stored in plaintext and are readable by any local user on the system. This exposure allows unauthorized local users to access plaintext credentials, potentially leading to unauthorized access or impersonation within IRC networks or other services relying on these credentials. The vulnerability does not require elevated privileges or user interaction to exploit but does require local access to the system. The issue was addressed in commit f180e41061db393acf65bc99f5c5e7397586d9cb, which presumably enforces stricter file permissions to protect sensitive files. No known exploits are reported in the wild as of the publication date. The CVSS 4.0 vector indicates low attack complexity, local attack vector, low confidentiality impact, and no impact on integrity or availability.
Potential Impact
The primary impact of CVE-2026-32810 is the unauthorized disclosure of plaintext credentials stored in Halloy's configuration files. For organizations, this can lead to several risks: unauthorized access to IRC accounts or networks, potential lateral movement if credentials are reused, and exposure of sensitive communication channels. Since the vulnerability requires local access, it poses a significant risk in multi-user environments such as shared servers, development workstations, or any system where multiple users have shell access. Attackers with local access but without elevated privileges can exploit this to escalate their access or gather intelligence. While the vulnerability does not directly compromise system integrity or availability, the confidentiality breach can facilitate further attacks or data exfiltration. Organizations relying on Halloy for internal or external communications should consider the risk of credential leakage and potential downstream impacts on their security posture.
Mitigation Recommendations
To mitigate CVE-2026-32810, organizations should immediately update Halloy to versions including or beyond the patch commit f180e41061db393acf65bc99f5c5e7397586d9cb. If immediate updating is not feasible, administrators should manually adjust file and directory permissions for Halloy's configuration files to restrict access to the owning user only (e.g., chmod 600 for files and chmod 700 for directories). Additionally, auditing local user accounts and limiting shell access to trusted personnel reduces the risk of exploitation. Employing filesystem access control mechanisms such as SELinux or AppArmor profiles can further restrict unauthorized reads. Organizations should also consider encrypting sensitive configuration data or using secure credential storage mechanisms rather than plaintext files. Regularly monitoring file permissions and access logs for anomalies can help detect attempts to exploit this vulnerability. Finally, educating users about the risks of local access and enforcing strong local user account policies will reduce exposure.
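As an added example (not Halloy's own code, and not the fix in commit f180e41061db393acf65bc99f5c5e7397586d9cb), the Rust below shows the pattern the mitigation describes: the config directory created with mode 0700 and `config.toml` with 0600, set explicitly rather than inherited from the process umask, plus an audit check that flags the 0644/0755 condition. The directory path and config contents are constructed for the demo.

```rust
use std::fs::{self, DirBuilder, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{DirBuilderExt, OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Create (or tighten) the config directory and config.toml with explicit
/// owner-only modes instead of inheriting them from the process umask, which
/// on most systems yields 0755 for directories and 0644 for files.
/// The requested mode is still ANDed with the umask, so the result can only
/// be more restrictive than 0700/0600, never less.
pub fn write_private_config(dir: &Path, contents: &[u8]) -> io::Result<()> {
    if dir.is_dir() {
        // An existing directory keeps whatever mode it had; enforce 0700.
        fs::set_permissions(dir, fs::Permissions::from_mode(0o700))?;
    } else {
        DirBuilder::new().mode(0o700).create(dir)?;
    }
    let path = dir.join("config.toml");
    let mut file = OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .mode(0o600) // applied only when the file is newly created
        .open(&path)?;
    // If the file already existed (e.g. created by an unpatched build), open()
    // leaves its old 0644 mode in place, so tighten it explicitly.
    file.set_permissions(fs::Permissions::from_mode(0o600))?;
    file.write_all(contents)
}

/// Audit helper: true if any group or other permission bit is set, which is
/// the condition the advisory describes (0644 files, 0755 directories).
pub fn is_group_or_world_accessible(path: &Path) -> io::Result<bool> {
    let mode = fs::metadata(path)?.permissions().mode();
    Ok(mode & 0o077 != 0)
}

fn main() -> io::Result<()> {
    // Demo in a temp directory with constructed contents; the real Halloy
    // config path is not assumed here.
    let dir = std::env::temp_dir().join("halloy-config-demo");
    write_private_config(&dir, b"[servers.example]\npassword_file = \"pw\"\n")?;
    let cfg = dir.join("config.toml");
    println!("{}: group/other accessible = {}", cfg.display(),
             is_group_or_world_accessible(&cfg)?);
    Ok(())
}
```

The same audit check, pointed at the real config directory and its `password_file` targets, is the quick way to confirm an existing installation was tightened after the manual chmod step.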
Affected Countries
United States, Germany, United Kingdom, Canada, France, Australia, Netherlands, Japan, South Korea, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-16T17:35:36.696Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69bdda59b462d409683a8cc3
Added to database: 3/20/2026, 11:38:01 PM
Last enriched: 3/28/2026, 9:27:24 PM
Last updated: 5/2/2026, 2:59:52 PM