CVE-2026-6842: Incorrect Permission Assignment for Critical Resource in Red Hat Red Hat Enterprise Linux 10
CVE-2026-6842 is a low-severity vulnerability in the nano editor on Red Hat Enterprise Linux 10. It involves incorrect directory permissions (0777 instead of 0700) on the ~/. local directory under permissive umask settings. This misconfiguration allows a local attacker to inject a malicious . desktop launcher, potentially leading to unintended actions or information disclosure if the launcher is processed. The vulnerability requires local access and has high attack complexity, with no privileges beyond a local user level needed and no user interaction required. As of the advisory publication, there is no confirmed patch or official remediation guidance from Red Hat.
AI Analysis
Technical Summary
This vulnerability arises from incorrect permission assignment on the ~/.local directory in Red Hat Enterprise Linux 10's nano editor, where the directory is set to 0777 instead of the more restrictive 0700. Under permissive umask settings, this allows a local attacker to place a malicious .desktop launcher file that could be processed by the system, potentially causing unintended actions or information disclosure. Exploitation requires local access and is considered complex, with no elevated privileges or user interaction necessary. The CVSS v3.1 base score is 2.5, reflecting low severity. No official patch or remediation level has been provided by Red Hat at this time.
Potential Impact
The impact is limited to local users who can exploit the overly permissive directory permissions to inject a malicious .desktop launcher. This could lead to unintended actions or information disclosure. There is no indication of privilege escalation or remote exploitation. The low CVSS score and high attack complexity indicate limited risk under normal conditions.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-6842 for current remediation guidance. Until an official fix is available, users should consider manually verifying and correcting the permissions of the ~/.local directory to 0700 to prevent unauthorized modification. No vendor advisory states that no action is required or that the issue is already mitigated.
CVE-2026-6842: Incorrect Permission Assignment for Critical Resource in Red Hat Red Hat Enterprise Linux 10
Description
CVE-2026-6842 is a low-severity vulnerability in the nano editor on Red Hat Enterprise Linux 10. It involves incorrect directory permissions (0777 instead of 0700) on the ~/. local directory under permissive umask settings. This misconfiguration allows a local attacker to inject a malicious . desktop launcher, potentially leading to unintended actions or information disclosure if the launcher is processed. The vulnerability requires local access and has high attack complexity, with no privileges beyond a local user level needed and no user interaction required. As of the advisory publication, there is no confirmed patch or official remediation guidance from Red Hat.
CVSS v3.1
Score 2.5low
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from incorrect permission assignment on the ~/.local directory in Red Hat Enterprise Linux 10's nano editor, where the directory is set to 0777 instead of the more restrictive 0700. Under permissive umask settings, this allows a local attacker to place a malicious .desktop launcher file that could be processed by the system, potentially causing unintended actions or information disclosure. Exploitation requires local access and is considered complex, with no elevated privileges or user interaction necessary. The CVSS v3.1 base score is 2.5, reflecting low severity. No official patch or remediation level has been provided by Red Hat at this time.
Potential Impact
The impact is limited to local users who can exploit the overly permissive directory permissions to inject a malicious .desktop launcher. This could lead to unintended actions or information disclosure. There is no indication of privilege escalation or remote exploitation. The low CVSS score and high attack complexity indicate limited risk under normal conditions.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-6842 for current remediation guidance. Until an official fix is available, users should consider manually verifying and correcting the permissions of the ~/.local directory to 0700 to prevent unauthorized modification. No vendor advisory states that no action is required or that the issue is already mitigated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-04-22T07:20:17.989Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-6842","vendor":"Red Hat"}]
Threat ID: 69e87cbe19fe3cd2cd7bf973
Added to database: 4/22/2026, 7:46:06 AM
Last enriched: 6/3/2026, 9:17:12 PM
Last updated: 6/5/2026, 2:29:40 PM
Views: 72
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.