CVE-2026-32810
Insecure File Permissions in Halloy IRC Expose Credentials
Publication date: 2026-03-20
Last updated on: 2026-03-23
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| halloy | halloy | to 2026.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Halloy, an IRC application written in Rust. In versions on *nix and macOS prior to a specific commit, Halloy creates its configuration directory and files using default umask permissions. These default permissions typically result in files having 0644 and directories having 0755 permissions. Because of this, any local user on the system can read plaintext credentials stored in the config.toml file or in referenced password_file paths.
The issue was fixed in commit f180e41061db393acf65bc99f5c5e7397586d9cb, which patches the problem by presumably changing how permissions are set.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing any local user on the system to read sensitive plaintext credentials stored by the Halloy IRC application. This could lead to unauthorized access to your IRC accounts or other services that use these credentials, potentially compromising your privacy and security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the permissions of the Halloy IRC application's configuration files and directories on your system. Specifically, you should verify if the config directory and files such as config.toml or any referenced password_file paths have overly permissive permissions (e.g., files with 0644 and directories with 0755), which allow other local users to read plaintext credentials.
You can use commands like the following to check permissions:
- ls -l ~/.config/halloy/config.toml
- ls -ld ~/.config/halloy
If these files or directories have permissions that allow read access to other users, the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should update the Halloy IRC application to a version that includes the patch from commit f180e41061db393acf65bc99f5c5e7397586d9cb or later.
Additionally, you can manually restrict the permissions of the configuration directory and files to prevent other local users from reading sensitive information. For example, set the config directory permissions to 0700 and config files to 0600 using commands like:
- chmod 700 ~/.config/halloy
- chmod 600 ~/.config/halloy/config.toml
These steps will help protect plaintext credentials stored in the configuration files from unauthorized local access.