{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6843", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-22T07:23:19.148Z", "datePublished": "2026-04-22T08:30:04.572Z", "dateUpdated": "2026-04-22T08:30:04.572Z"}, "containers": {"cna": {"title": "Nano: nano: format string vulnerability leads to denial of service", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "nano", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-6843", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460017", "name": "RHBZ#2460017", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-13T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-134: Use of Externally-Controlled Format String", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2026-04-13T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-13T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Micha\u0142 Majchrowicz, Marcin Wyczechowski (AFINE Team) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-22T08:30:04.572Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application."}], "id": "CVE-2026-6843", "lastModified": "2026-04-22T09:16:26.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-22T09:16:26.963", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-6843"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460017"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T11:24:03.284343+00:00", "value": {"mitigation_remediation": ["Red\u00a0Hat has not published a patch; its advisory cites a format\u2011string flaw (CWE\u2011134).", "Use an alternative editor such as vi, emacs, or micro, or uninstall nano if not required.", "Restrict or sanitize directory names to escape or prohibit printf specifiers, thereby preventing the crash.", "Monitor Red\u00a0Hat security channels for updates and apply fixes when released."], "summary": {"action": "Assess Impact", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw affects Red\u00a0Hat Enterprise Linux\u00a010,\u00a06,\u00a07,\u00a08, and\u00a09, as well as Red\u00a0Hat OpenShift Container Platform\u00a04. Users running the nano editor on these platforms are potentially exposed.", "description_and_impact": "A local user can trigger a segmentation fault in the nano editor by creating a directory whose name contains printf format specifiers. The vulnerable statusline() function attempts to display the directory name without proper sanitization, causing nano to crash. The resulting denial of service is confined to the instance of the nano application and does not compromise system integrity or confidentiality directly.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The attack requires local user access and involves a directory name crafted with format specifiers. Exploitation results in a graceful crash of the nano process, effectively denying its use until a restart or mitigate step is taken."}}}}, "created": "2026-04-22T11:30:15.372643+00:00", "updated": "2026-04-22T11:30:15.372655+00:00", "vendors": []}