CVE-2026-32810
Received Received - Intake
Insecure File Permissions in Halloy IRC Expose Credentials

Publication date: 2026-03-20

Last updated on: 2026-03-23

Assigner: GitHub, Inc.

Description
Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in `0644` on files and `0755` on directories. This allows any local user on the system to read plaintext credentials stored in `config.toml` or referenced `password_file` paths. Commit f180e41061db393acf65bc99f5c5e7397586d9cb patches the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-20
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32810
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
halloy halloy to 2026.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Halloy, an IRC application written in Rust. In versions on *nix and macOS prior to a specific commit, Halloy creates its configuration directory and files using default umask permissions. These default permissions typically result in files having 0644 and directories having 0755 permissions. Because of this, any local user on the system can read plaintext credentials stored in the config.toml file or in referenced password_file paths.

The issue was fixed in commit f180e41061db393acf65bc99f5c5e7397586d9cb, which patches the problem by presumably changing how permissions are set.

Impact Analysis

This vulnerability can impact you by allowing any local user on the system to read sensitive plaintext credentials stored by the Halloy IRC application. This could lead to unauthorized access to your IRC accounts or other services that use these credentials, potentially compromising your privacy and security.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking the permissions of the Halloy IRC application's configuration files and directories on your system. Specifically, you should verify if the config directory and files such as config.toml or any referenced password_file paths have overly permissive permissions (e.g., files with 0644 and directories with 0755), which allow other local users to read plaintext credentials.

You can use commands like the following to check permissions:

  • ls -l ~/.config/halloy/config.toml
  • ls -ld ~/.config/halloy

If these files or directories have permissions that allow read access to other users, the vulnerability is present.

Mitigation Strategies

To mitigate this vulnerability immediately, you should update the Halloy IRC application to a version that includes the patch from commit f180e41061db393acf65bc99f5c5e7397586d9cb or later.

Additionally, you can manually restrict the permissions of the configuration directory and files to prevent other local users from reading sensitive information. For example, set the config directory permissions to 0700 and config files to 0600 using commands like:

  • chmod 700 ~/.config/halloy
  • chmod 600 ~/.config/halloy/config.toml

These steps will help protect plaintext credentials stored in the configuration files from unauthorized local access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32810. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart