CVE-2026-6843
Analyzed Analyzed - Analysis Complete
Format String Vulnerability in nano's statusline() Causes DoS

Publication date: 2026-04-22

Last updated on: 2026-05-20

Assigner: Red Hat, Inc.

Description
A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-05-20
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6843
EUVD
EUVD-2026-24708
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
gnu nano 8.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-134 The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6843 is a format string vulnerability found in the nano text editor, specifically in the statusline() function.

The issue occurs when a local user creates a directory with a name containing printf format specifiers (such as %s). When nano attempts to display this directory name, it uses the name as a format string argument without proper handling.

This improper use of the directory name as a format string causes unintended stack reads and leads to a segmentation fault (SEGV), which crashes the nano application.

As a result, this vulnerability causes a Denial of Service (DoS) for the nano application.

Impact Analysis

This vulnerability can impact you by causing the nano text editor to crash unexpectedly when it tries to display directory names containing format specifiers.

Since the crash results in a segmentation fault, it leads to a Denial of Service (DoS) condition for nano, preventing you from using the editor until it is restarted.

This could disrupt workflows that rely on nano for text editing, especially in environments where local users have access to create directories.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the issue locally on systems running the vulnerable nano version. Specifically, creating a directory with a name containing printf format specifiers (e.g., %s) and then opening nano to trigger the statusline() function can reveal the vulnerability if it causes a segmentation fault (SEGV).

There are no specific network detection commands since this is a local vulnerability affecting the nano text editor. Detection involves local testing rather than network scanning.

A suggested approach to detect the vulnerability on a system is:

  • Create a directory with a name containing printf format specifiers, for example: mkdir '%s'
  • Run nano in or near that directory and observe if it crashes with a segmentation fault.
  • Use debugging or sanitizing tools such as AddressSanitizer (ASAN) to confirm the presence of the format string vulnerability.
Mitigation Strategies

Immediate mitigation steps include avoiding the use of directory names containing printf format specifiers to prevent triggering the vulnerability.

Additionally, updating nano to a version where this vulnerability is fixed is recommended once a patch is available.

Since this is a local vulnerability causing a Denial of Service, restricting untrusted local users from creating directories with malicious names or limiting access to nano may reduce risk.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6843. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart