CVE-2026-6843
Format String Vulnerability in nano's statusline() Causes DoS
Publication date: 2026-04-22
Last updated on: 2026-04-22
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | nano | 8.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-134 | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6843 is a format string vulnerability found in the nano text editor, specifically in the statusline() function.
The issue occurs when a local user creates a directory with a name containing printf format specifiers (such as %s). When nano attempts to display this directory name, it uses the name as a format string argument without proper handling.
This improper use of the directory name as a format string causes unintended stack reads and leads to a segmentation fault (SEGV), which crashes the nano application.
As a result, this vulnerability causes a Denial of Service (DoS) for the nano application.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
This vulnerability can impact you by causing the nano text editor to crash unexpectedly when it tries to display directory names containing format specifiers.
Since the crash results in a segmentation fault, it leads to a Denial of Service (DoS) condition for nano, preventing you from using the editor until it is restarted.
This could disrupt workflows that rely on nano for text editing, especially in environments where local users have access to create directories.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the issue locally on systems running the vulnerable nano version. Specifically, creating a directory with a name containing printf format specifiers (e.g., %s) and then opening nano to trigger the statusline() function can reveal the vulnerability if it causes a segmentation fault (SEGV).
There are no specific network detection commands since this is a local vulnerability affecting the nano text editor. Detection involves local testing rather than network scanning.
A suggested approach to detect the vulnerability on a system is:
- Create a directory with a name containing printf format specifiers, for example: mkdir '%s'
- Run nano in or near that directory and observe if it crashes with a segmentation fault.
- Use debugging or sanitizing tools such as AddressSanitizer (ASAN) to confirm the presence of the format string vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of directory names containing printf format specifiers to prevent triggering the vulnerability.
Additionally, updating nano to a version where this vulnerability is fixed is recommended once a patch is available.
Since this is a local vulnerability causing a Denial of Service, restricting untrusted local users from creating directories with malicious names or limiting access to nano may reduce risk.