CVE-2026-6842: Incorrect Permission Assignment for Critical Resource in Red Hat Red Hat Enterprise Linux 10
CVE-2026-6842 is a vulnerability in the nano editor on Red Hat Enterprise Linux 10 where the ~/. local directory is assigned overly permissive permissions (0777) instead of the more restrictive 0700 in environments with permissive umask settings. This incorrect permission assignment allows a local attacker to inject a malicious . desktop launcher file. If this launcher is processed later, it could lead to unintended actions or information disclosure. The vulnerability has a low CVSS score of 2. 5 and does not affect confidentiality or availability, only integrity to a limited extent. No official patch or remediation level is currently provided by Red Hat, and no known exploits are reported in the wild. Users should monitor the vendor advisory for updates on remediation.
AI Analysis
Technical Summary
This vulnerability involves incorrect permission assignment for the ~/.local directory in Red Hat Enterprise Linux 10 when using nano, resulting in permissions set to 0777 instead of 0700 under permissive umask settings. This allows a local attacker to place a malicious .desktop launcher file in that directory, potentially causing unintended actions or information disclosure if the launcher is processed. The CVSS 3.1 base score is 2.5, reflecting low severity with local attack vector, high attack complexity, low privileges required, no user interaction, and limited integrity impact. Red Hat has published an advisory but has not indicated an official fix or remediation level at this time.
Potential Impact
The impact is limited to local attackers who can exploit overly permissive directory permissions to inject malicious launcher files. This could lead to unintended actions or information disclosure but does not affect system confidentiality or availability. The low CVSS score and absence of known exploits indicate limited risk currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-6842 for current remediation guidance. Until an official fix is available, users should consider tightening umask settings to avoid permissive directory permissions and restrict local user access to prevent exploitation.
CVE-2026-6842: Incorrect Permission Assignment for Critical Resource in Red Hat Red Hat Enterprise Linux 10
Description
CVE-2026-6842 is a vulnerability in the nano editor on Red Hat Enterprise Linux 10 where the ~/. local directory is assigned overly permissive permissions (0777) instead of the more restrictive 0700 in environments with permissive umask settings. This incorrect permission assignment allows a local attacker to inject a malicious . desktop launcher file. If this launcher is processed later, it could lead to unintended actions or information disclosure. The vulnerability has a low CVSS score of 2. 5 and does not affect confidentiality or availability, only integrity to a limited extent. No official patch or remediation level is currently provided by Red Hat, and no known exploits are reported in the wild. Users should monitor the vendor advisory for updates on remediation.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves incorrect permission assignment for the ~/.local directory in Red Hat Enterprise Linux 10 when using nano, resulting in permissions set to 0777 instead of 0700 under permissive umask settings. This allows a local attacker to place a malicious .desktop launcher file in that directory, potentially causing unintended actions or information disclosure if the launcher is processed. The CVSS 3.1 base score is 2.5, reflecting low severity with local attack vector, high attack complexity, low privileges required, no user interaction, and limited integrity impact. Red Hat has published an advisory but has not indicated an official fix or remediation level at this time.
Potential Impact
The impact is limited to local attackers who can exploit overly permissive directory permissions to inject malicious launcher files. This could lead to unintended actions or information disclosure but does not affect system confidentiality or availability. The low CVSS score and absence of known exploits indicate limited risk currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-6842 for current remediation guidance. Until an official fix is available, users should consider tightening umask settings to avoid permissive directory permissions and restrict local user access to prevent exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-04-22T07:20:17.989Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-6842","vendor":"Red Hat"}]
Threat ID: 69e87cbe19fe3cd2cd7bf973
Added to database: 4/22/2026, 7:46:06 AM
Last enriched: 4/22/2026, 8:01:22 AM
Last updated: 4/22/2026, 9:53:25 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.