CVE-2026-40556: CWE-732: Incorrect Permission Assignment for Critical Resource in GNU nano
GNU nano creates the user’s ~/.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group (XDG) data storage, nano explicitly requests directory mode 0777, making the directory world‑writable in environments where the process umask does not sufficiently restrict permissions. In systems with a relaxed or zero umask, such as container environments, CI/CD runners, embedded systems, or user shells configured with umask 000, this results in ~/.local being created as world‑writable. A local attacker can exploit a race window between nano’s creation of ~/.local and its subsequent creation of more restrictive subdirectories to write attacker‑controlled files into the victim’s XDG directory hierarchy. This problem was fixed in nano version 9.0
AI Analysis
Technical Summary
GNU nano versions before 9.0 improperly assign permissions when creating the ~/.local directory, explicitly requesting mode 0777, which results in world-writable permissions if the system umask does not restrict them. This incorrect permission assignment (CWE-732) can be exploited locally to write attacker-controlled files during a race window before nano creates more restrictive subdirectories. The vulnerability affects nano version 2.9.1 and was published on 2026-04-28. No official patch link or remediation level is provided in the data, but the issue is fixed in nano 9.0.
Potential Impact
On systems with relaxed or zero umask settings, such as containers, CI/CD runners, embedded systems, or user shells configured with umask 000, the ~/.local directory becomes world-writable. This allows a local attacker to exploit a race condition to insert malicious files into the victim's XDG directory hierarchy, potentially leading to unauthorized file manipulation. The impact is limited to local privilege and file integrity issues and is rated as low severity (CVSS 2.1).
Mitigation Recommendations
Upgrade GNU nano to version 9.0 or later, where this permission assignment issue is fixed. Since no official patch link or vendor advisory is provided, users should verify the nano version in use and update accordingly. In the meantime, ensure that system umask settings are not overly permissive (avoid umask 000) to reduce exposure.
CVE-2026-40556: CWE-732: Incorrect Permission Assignment for Critical Resource in GNU nano
Description
GNU nano creates the user’s ~/.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group (XDG) data storage, nano explicitly requests directory mode 0777, making the directory world‑writable in environments where the process umask does not sufficiently restrict permissions. In systems with a relaxed or zero umask, such as container environments, CI/CD runners, embedded systems, or user shells configured with umask 000, this results in ~/.local being created as world‑writable. A local attacker can exploit a race window between nano’s creation of ~/.local and its subsequent creation of more restrictive subdirectories to write attacker‑controlled files into the victim’s XDG directory hierarchy. This problem was fixed in nano version 9.0
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
GNU nano versions before 9.0 improperly assign permissions when creating the ~/.local directory, explicitly requesting mode 0777, which results in world-writable permissions if the system umask does not restrict them. This incorrect permission assignment (CWE-732) can be exploited locally to write attacker-controlled files during a race window before nano creates more restrictive subdirectories. The vulnerability affects nano version 2.9.1 and was published on 2026-04-28. No official patch link or remediation level is provided in the data, but the issue is fixed in nano 9.0.
Potential Impact
On systems with relaxed or zero umask settings, such as containers, CI/CD runners, embedded systems, or user shells configured with umask 000, the ~/.local directory becomes world-writable. This allows a local attacker to exploit a race condition to insert malicious files into the victim's XDG directory hierarchy, potentially leading to unauthorized file manipulation. The impact is limited to local privilege and file integrity issues and is rated as low severity (CVSS 2.1).
Mitigation Recommendations
Upgrade GNU nano to version 9.0 or later, where this permission assignment issue is fixed. Since no official patch link or vendor advisory is provided, users should verify the nano version in use and update accordingly. In the meantime, ensure that system umask settings are not overly permissive (avoid umask 000) to reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERT-PL
- Date Reserved
- 2026-04-14T09:44:32.553Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f0c288cbff5d86101cc9d8
Added to database: 4/28/2026, 2:22:00 PM
Last enriched: 4/28/2026, 2:37:21 PM
Last updated: 4/29/2026, 4:05:48 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.